func TestVerifyFailure(t *testing.T) {
msg, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
other, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// success
ki, _, _, err := msg.KeyInit(1, uint64(times.NinetyDaysLater()), 0, false,
"mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
ki2, _, _, err := other.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
"mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// repo URI
if err := ki.Verify(nil, msg.UIDContent.SIGKEY.PUBKEY); err != ErrRepoURI {
t.Error("should fail")
}
// sighash
uris := make([]string, 1)
uris[0] = "mute.berlin"
if err := ki.Verify(uris, other.UIDContent.SIGKEY.PUBKEY); err != ErrWrongSigKeyHash {
t.Error("should fail")
}
// bad signature
sig := ki.SIGNATURE
ki.SIGNATURE = "!"
if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err == nil {
t.Error("should fail")
}
ki.SIGNATURE = sig
pubKey := msg.UIDContent.SIGKEY.PUBKEY
msg.UIDContent.SIGKEY.PUBKEY = "!"
if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err == nil {
t.Error("should fail")
}
// wrong signature
msg.UIDContent.SIGKEY.PUBKEY = pubKey
ki.SIGNATURE = ki2.SIGNATURE
if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err != ErrInvalidKeyInitSig {
t.Error("should fail")
}
// invalid times
ki2.Contents.MSGCOUNT = 1
ki2.Contents.NOTAFTER = 0
if err := ki2.Verify(uris, other.UIDContent.SIGKEY.PUBKEY); err != ErrInvalidTimes {
t.Error("should fail")
}
}
func TestKeyInitSuccess(t *testing.T) {
msg, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// success
ki, _, _, err := msg.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
"mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
if err := ki.Check(); err != nil {
t.Error(err)
}
// getter methods
if ki.MsgCount() != ki.Contents.MSGCOUNT {
t.Error("msgCount mismatch")
}
if ki.SigKeyHash() != ki.Contents.SIGKEYHASH {
t.Error("sigKeyHash mismatch")
}
// JSON conversion
jsn := ki.JSON()
jsnKI, err := NewJSONKeyInit(jsn)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(jsn, jsnKI.JSON()) {
t.Errorf("KeyInits differ")
}
// verify
uris := make([]string, 1)
uris[0] = "mute.berlin"
if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err != nil {
t.Error(err)
}
// sign
sigKey, err := cipher.Ed25519Generate(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
sig := ki.Sign(sigKey)
// verify signature
pubKey := base64.Encode(sigKey.PublicKey()[:])
if err := ki.VerifySrvSig(sig, pubKey); err != nil {
t.Error(err)
}
}
func TestKeyInitFailure(t *testing.T) {
msg, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// invalid times
_, _, _, err = msg.KeyInit(0, 0, 0, false, "mute.berlin", "", "",
cipher.RandReader)
if err != ErrInvalidTimes {
t.Error("should fail")
}
_, _, _, err = msg.KeyInit(0, 1, 0, false, "mute.berlin", "", "",
cipher.RandReader)
if err != ErrExpired {
t.Error("should fail")
}
_, _, _, err = msg.KeyInit(0, uint64(times.OneYearLater()), 0, false,
"mute.berlin", "", "", cipher.RandReader)
if err != ErrFuture {
t.Fatal(err)
}
// rand fail
_, _, _, err = msg.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
"mute.berlin", "", "", cipher.RandFail)
if err == nil {
t.Error("should fail")
}
// decode failure
msg.UIDContent.SIGKEY.HASH = "!"
_, _, _, err = msg.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
"mute.berlin", "", "", cipher.RandReader)
if err == nil {
t.Error("should fail")
}
}
func TestVerifySrvSigfailure(t *testing.T) {
msg, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// success
ki, _, _, err := msg.KeyInit(1, uint64(times.NinetyDaysLater()), 0, false,
"mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// sign
sigKey, err := cipher.Ed25519Generate(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
sig := ki.Sign(sigKey)
pubKey := base64.Encode(sigKey.PublicKey()[:])
// invalid signature
if err := ki.VerifySrvSig("!", pubKey); err == nil {
t.Error("should fail")
}
// invalid public key
if err := ki.VerifySrvSig(sig, "!"); err == nil {
t.Error("should fail")
}
// invalid signature
var signature [ed25519.PrivateKeySize]byte
if _, err := io.ReadFull(cipher.RandReader, signature[:]); err != nil {
t.Fatal(err)
}
sig = base64.Encode(signature[:])
if err := ki.VerifySrvSig(sig, pubKey); err == nil {
t.Error("should fail")
}
}
func TestAccount(t *testing.T) {
tmpdir, msgDB, err := createDB()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
defer msgDB.Close()
a := "*****@*****.**"
b := "*****@*****.**"
if err := msgDB.AddNym(a, a, "Alice"); err != nil {
t.Fatal(err)
}
if err := msgDB.AddContact(a, b, b, "Bob", WhiteList); err != nil {
t.Fatal(err)
}
// add acounts
_, privkey1, err := ed25519.GenerateKey(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
_, privkey2, err := ed25519.GenerateKey(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
server1 := "accounts001.mute.berlin"
server2 := "accounts002.mute.berlin"
var secret1 [64]byte
var secret2 [64]byte
if _, err := io.ReadFull(cipher.RandReader, secret1[:]); err != nil {
t.Fatal(err)
}
if _, err := io.ReadFull(cipher.RandReader, secret2[:]); err != nil {
t.Fatal(err)
}
err = msgDB.AddAccount(a, "", privkey1, server1, &secret1,
def.MinMinDelay, def.MinMaxDelay)
if err != nil {
t.Fatal(err)
}
contacts, err := msgDB.GetAccounts(a)
if err != nil {
t.Fatal(err)
}
if len(contacts) != 1 {
t.Error("len(contacts) != 1")
} else {
if contacts[0] != "" {
t.Error("contacts[0] != \"\"")
}
}
err = msgDB.AddAccount(a, b, privkey2, server2, &secret2,
def.MinMinDelay, def.MinMaxDelay)
if err != nil {
t.Fatal(err)
}
// set account time
now := times.Now()
d90 := times.NinetyDaysLater()
d365 := times.OneYearLater()
if err := msgDB.SetAccountTime(a, "", d90); err != nil {
t.Fatal(err)
}
if err := msgDB.SetAccountTime(a, b, d365); err != nil {
t.Fatal(err)
}
if err := msgDB.SetAccountLastMsg(a, b, now); err != nil {
t.Fatal(err)
}
// get account
pk1, srv1, scrt1, minDelay, maxDelay, lastTime1, err := msgDB.GetAccount(a, "")
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(pk1[:], privkey1[:]) {
t.Error("pk1 != privkey1")
}
if srv1 != server1 {
t.Error("srv1 != server1")
}
if !bytes.Equal(scrt1[:], secret1[:]) {
t.Error("scrt1 != secret1")
}
if minDelay != def.MinMinDelay {
t.Error("minDelay != def.MinMinDelay")
}
if maxDelay != def.MinMaxDelay {
t.Error("maxDelay != def.MinMaxDelay")
}
if lastTime1 != 0 {
t.Error("lastTime1 != 0")
}
pk2, srv2, scrt2, _, _, lastTime2, err := msgDB.GetAccount(a, b)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(pk2[:], privkey2[:]) {
t.Error("pk2 != privkey2")
}
if srv2 != server2 {
t.Error("srv2 != server2")
}
if !bytes.Equal(scrt2[:], secret2[:]) {
t.Error("scrt2 != secret2")
}
if lastTime2 != now {
t.Error("lastTime2 != now")
}
// get accounts
contacts, err = msgDB.GetAccounts(a)
if err != nil {
t.Fatal(err)
}
if len(contacts) != 2 {
t.Error("len(contacts) != 2")
} else {
if contacts[0] != "" {
t.Error("contacts[0] != \"\"")
}
if contacts[1] != b {
t.Error("contacts[1] != b")
}
}
// get account time
t1, err := msgDB.GetAccountTime(a, "")
if err != nil {
t.Fatal(err)
}
if t1 != d90 {
t.Error("t1 != d90")
}
t2, err := msgDB.GetAccountTime(a, b)
if err != nil {
t.Fatal(err)
}
if t2 != d365 {
t.Error("t2 != d365")
}
}
func (ce *CryptEngine) addKeyInit(pseudonym, mixaddress, nymaddress, token string) error {
// map pseudonym
id, domain, err := identity.MapPlus(pseudonym)
if err != nil {
return err
}
// TODO: check token?
// generate KeyInit
msg, _, err := ce.keyDB.GetPrivateUID(id, true)
if err != nil {
return err
}
// TODO: fix parameter!
ki, pubKeyHash, privateKey, err := msg.KeyInit(0,
uint64(times.NinetyDaysLater()), 0, true, domain, mixaddress,
nymaddress, cipher.RandReader)
if err != nil {
return err
}
var (
kis []*uid.KeyInit
pubKeyHashes []string
privateKeys []string
tokens []string
)
kis = append(kis, ki)
pubKeyHashes = append(pubKeyHashes, pubKeyHash)
privateKeys = append(privateKeys, privateKey)
tokens = append(tokens, token)
// get JSON-RPC client and capabilities
client, caps, err := ce.cache.Get(domain, ce.keydPort, ce.keydHost,
ce.homedir, "KeyInitRepository.AddKeyInit")
if err != nil {
return err
}
// call server
content := make(map[string]interface{})
content["SigPubKey"] = msg.UIDContent.SIGKEY.PUBKEY
content["KeyInits"] = kis
content["Tokens"] = tokens
reply, err := client.JSONRPCRequest("KeyInitRepository.AddKeyInit", content)
if err != nil {
return err
}
// verify server signatures
sigs, ok := reply["Signatures"].([]interface{})
if !ok {
return log.Errorf("cryptengine: could not add key inits for '%s'", msg.UIDContent.IDENTITY)
}
if len(kis) != len(sigs) {
return log.Error("cryptengine: number of returned signatures does not equal number of sent key init messages")
}
for i, ki := range kis {
sig, ok := sigs[i].(string)
if !ok {
return log.Error("cryptengine: signature is not a string")
}
// TODO: keyserver can return more than one SIGPUBKEY
if err := ki.VerifySrvSig(sig, caps.SIGPUBKEYS[0]); err != nil {
return err
}
}
// store server key init messages and server signatures
for i, ki := range kis {
sig := sigs[i].(string) // cast has been checked already above
if err := ce.keyDB.AddPrivateKeyInit(ki, pubKeyHashes[i], msg.SigPubKey(), privateKeys[i], sig); err != nil {
return err
}
}
return nil
}