func init() {
var err error
kp1, err = libkb.GenerateNaclDHKeyPair()
if err != nil {
panic(err)
}
kp2, err = libkb.GenerateNaclDHKeyPair()
if err != nil {
panic(err)
}
}
// Test that CryptoHandler.UnboxBytes32() decrypts a boxed 32-byte
// array correctly.
func TestCryptoUnboxBytes32(t *testing.T) {
tc := SetupEngineTest(t, "crypto")
defer tc.Cleanup()
u := CreateAndSignupFakeUser(tc, "fu")
secretUI := &libkb.TestSecretUI{Passphrase: u.Passphrase}
key, err := getMySecretKey(
tc.G, secretUI, libkb.DeviceEncryptionKeyType, "test")
if err != nil {
t.Fatal(err)
}
kp, ok := key.(libkb.NaclDHKeyPair)
if !ok || kp.Private == nil {
t.Fatalf("unexpected key %v", key)
}
peerKp, err := libkb.GenerateNaclDHKeyPair()
if err != nil {
t.Fatal(err)
}
expectedBytes32 := keybase1.Bytes32{0, 1, 2, 3, 4, 5}
nonce := [24]byte{6, 7, 8, 9, 10}
peersPublicKey := keybase1.BoxPublicKey(peerKp.Public)
encryptedData := box.Seal(nil, expectedBytes32[:], &nonce, (*[32]byte)(&kp.Public), (*[32]byte)(peerKp.Private))
var encryptedBytes32 keybase1.EncryptedBytes32
if len(encryptedBytes32) != len(encryptedData) {
t.Fatalf("Expected %d bytes, got %d", len(encryptedBytes32), len(encryptedData))
}
copy(encryptedBytes32[:], encryptedData)
bytes32, err := UnboxBytes32(tc.G, secretUI, keybase1.UnboxBytes32Arg{
EncryptedBytes32: encryptedBytes32,
Nonce: nonce,
PeersPublicKey: peersPublicKey,
})
if err != nil {
t.Fatal(err)
}
if bytes32 != expectedBytes32 {
t.Errorf("expected %s, got %s", expectedBytes32, bytes32)
}
}
// MakeRandomTLFKeys implements the Crypto interface for CryptoCommon.
func (c *CryptoCommon) MakeRandomTLFKeys() (
tlfPublicKey TLFPublicKey,
tlfPrivateKey TLFPrivateKey,
tlfEphemeralPublicKey TLFEphemeralPublicKey,
tlfEphemeralPrivateKey TLFEphemeralPrivateKey,
tlfCryptKey TLFCryptKey,
err error) {
defer func() {
if err != nil {
tlfPublicKey = TLFPublicKey{}
tlfPrivateKey = TLFPrivateKey{}
tlfEphemeralPublicKey = TLFEphemeralPublicKey{}
tlfEphemeralPrivateKey = TLFEphemeralPrivateKey{}
tlfCryptKey = TLFCryptKey{}
}
}()
publicKey, privateKey, err := box.GenerateKey(rand.Reader)
if err != nil {
return
}
tlfPublicKey = MakeTLFPublicKey(*publicKey)
tlfPrivateKey = MakeTLFPrivateKey(*privateKey)
keyPair, err := libkb.GenerateNaclDHKeyPair()
if err != nil {
return
}
tlfEphemeralPublicKey = MakeTLFEphemeralPublicKey(keyPair.Public)
tlfEphemeralPrivateKey = MakeTLFEphemeralPrivateKey(*keyPair.Private)
err = cryptoRandRead(tlfCryptKey.data[:])
if err != nil {
return
}
return
}
func (e *DeviceKeygen) setup(ctx *Context) {
if e.runErr != nil {
return
}
signArg := e.newNaclArg(ctx, func() (libkb.NaclKeyPair, error) {
kp, err := libkb.GenerateNaclSigningKeyPair()
if err != nil {
return nil, err
}
return kp, nil
}, libkb.NaclEdDSAExpireIn)
e.naclSignGen = libkb.NewNaclKeyGen(signArg)
encArg := e.newNaclArg(ctx, func() (libkb.NaclKeyPair, error) {
kp, err := libkb.GenerateNaclDHKeyPair()
if err != nil {
return nil, err
}
return kp, nil
}, libkb.NaclDHExpireIn)
e.naclEncGen = libkb.NewNaclKeyGen(encArg)
}
// HandleDidCounterSign implements HandleDidCounterSign in
// kex2.Provisionee interface.
func (e *Kex2Provisionee) HandleDidCounterSign(sig []byte) (err error) {
e.G().Log.Debug("+ HandleDidCounterSign()")
defer func() { e.G().Log.Debug("- HandleDidCounterSign() -> %s", libkb.ErrToOk(err)) }()
e.G().Log.Debug("HandleDidCounterSign sig: %s", string(sig))
// load self user (to load merkle root)
_, err = libkb.LoadUser(libkb.NewLoadUserByNameArg(e.G(), e.username))
if err != nil {
return err
}
// decode sig
decSig, err := e.decodeSig(sig)
if err != nil {
return err
}
e.dh, err = libkb.GenerateNaclDHKeyPair()
if err != nil {
return err
}
// make a keyproof for the dh key, signed w/ e.eddsa
dhSig, dhSigID, err := e.dhKeyProof(e.dh, decSig.eldestKID, decSig.seqno, decSig.linkID)
if err != nil {
return err
}
// create the key args for eddsa, dh keys
eddsaArgs, err := makeKeyArgs(decSig.sigID, sig, libkb.SibkeyType, e.eddsa, decSig.eldestKID, decSig.signingKID)
if err != nil {
return err
}
dhArgs, err := makeKeyArgs(dhSigID, []byte(dhSig), libkb.SubkeyType, e.dh, decSig.eldestKID, e.eddsa.GetKID())
if err != nil {
return err
}
// logged in, so save the login state
err = e.saveLoginState()
if err != nil {
return err
}
// push the LKS server half
err = e.pushLKSServerHalf()
if err != nil {
return err
}
// save device and keys locally
err = e.localSave()
if err != nil {
return err
}
// post the key sigs to the api server
err = e.postSigs(eddsaArgs, dhArgs)
if err != nil {
return err
}
return err
}
func TestCryptoUnboxBytes32AnyPaper(t *testing.T) {
tc := SetupEngineTest(t, "crypto")
defer tc.Cleanup()
u := CreateAndSignupFakeUser(tc, "fu")
// create a paper key and cache it
ctx := &Context{
LogUI: tc.G.UI.GetLogUI(),
LoginUI: &libkb.TestLoginUI{},
SecretUI: u.NewSecretUI(),
}
peng := NewPaperKey(tc.G)
if err := RunEngine(peng, ctx); err != nil {
t.Fatal(err)
}
err := tc.G.LoginState().Account(func(a *libkb.Account) {
a.SetUnlockedPaperKey(peng.SigKey(), peng.EncKey())
}, "TestCryptoUnboxBytes32AnyPaper")
key := peng.EncKey()
kp, ok := key.(libkb.NaclDHKeyPair)
if !ok {
t.Fatalf("paper enc key type: %T, expected libkb.NaclDHKeyPair", key)
}
if kp.Private == nil {
t.Fatalf("paper enc key has nil private key")
}
peerKp, err := libkb.GenerateNaclDHKeyPair()
if err != nil {
t.Fatal(err)
}
expectedBytes32 := keybase1.Bytes32{0, 1, 2, 3, 4, 5}
nonce := [24]byte{6, 7, 8, 9, 10}
peersPublicKey := keybase1.BoxPublicKey(peerKp.Public)
encryptedData := box.Seal(nil, expectedBytes32[:], &nonce, (*[32]byte)(&kp.Public), (*[32]byte)(peerKp.Private))
var encryptedBytes32 keybase1.EncryptedBytes32
if len(encryptedBytes32) != len(encryptedData) {
t.Fatalf("Expected %d bytes, got %d", len(encryptedBytes32), len(encryptedData))
}
copy(encryptedBytes32[:], encryptedData)
_, err = UnboxBytes32(tc.G, u.NewSecretUI(), keybase1.UnboxBytes32Arg{
EncryptedBytes32: encryptedBytes32,
Nonce: nonce,
PeersPublicKey: peersPublicKey,
})
// this should fail
if err == nil {
t.Fatal("UnboxBytes32 worked with paper key encrypted data")
}
if _, ok := err.(libkb.DecryptionError); !ok {
t.Fatalf("error %T, expected libkb.DecryptionError", err)
}
// this should work
arg := keybase1.UnboxBytes32AnyArg{
Bundles: []keybase1.CiphertextBundle{
{Kid: kp.GetKID(), Ciphertext: encryptedBytes32, Nonce: nonce},
},
PeersPublicKey: peersPublicKey,
}
res, err := UnboxBytes32Any(tc.G, u.NewSecretUI(), arg)
if err != nil {
t.Fatal(err)
}
if res.Plaintext != expectedBytes32 {
t.Errorf("UnboxBytes32Any plaintext: %x, expected %x", res.Plaintext, expectedBytes32)
}
if res.Kid.IsNil() {
t.Errorf("UnboxBytes32Any kid is nil")
}
// clear the paper key cache to test getting a paper key via UI
err = tc.G.LoginState().Account(func(a *libkb.Account) {
a.ClearCachedSecretKeys()
}, "TestCryptoUnboxBytes32AnyPaper")
if err != nil {
t.Fatal(err)
}
// set the passphrase in the secretUI to the paper key
secretUI := u.NewSecretUI()
secretUI.Passphrase = peng.Passphrase()
res, err = UnboxBytes32Any(tc.G, secretUI, arg)
if err != nil {
t.Fatal(err)
}
if res.Plaintext != expectedBytes32 {
t.Errorf("UnboxBytes32Any plaintext: %x, expected %x", res.Plaintext, expectedBytes32)
}
if res.Kid.IsNil() {
t.Errorf("UnboxBytes32Any kid is nil")
}
}
// Test that CryptoHandler.UnboxBytes32() decrypts a boxed 32-byte
// array correctly.
func TestCryptoUnboxBytes32(t *testing.T) {
tc := SetupEngineTest(t, "crypto")
defer tc.Cleanup()
u := CreateAndSignupFakeUser(tc, "fu")
f := func() libkb.SecretUI {
return &libkb.TestSecretUI{Passphrase: u.Passphrase}
}
key, err := getMySecretKey(
tc.G, f, libkb.DeviceEncryptionKeyType, "test")
if err != nil {
t.Fatal(err)
}
kp, ok := key.(libkb.NaclDHKeyPair)
if !ok || kp.Private == nil {
t.Fatalf("unexpected key %v", key)
}
peerKp, err := libkb.GenerateNaclDHKeyPair()
if err != nil {
t.Fatal(err)
}
expectedBytes32 := keybase1.Bytes32{0, 1, 2, 3, 4, 5}
nonce := [24]byte{6, 7, 8, 9, 10}
peersPublicKey := keybase1.BoxPublicKey(peerKp.Public)
encryptedData := box.Seal(nil, expectedBytes32[:], &nonce, (*[32]byte)(&kp.Public), (*[32]byte)(peerKp.Private))
var encryptedBytes32 keybase1.EncryptedBytes32
if len(encryptedBytes32) != len(encryptedData) {
t.Fatalf("Expected %d bytes, got %d", len(encryptedBytes32), len(encryptedData))
}
copy(encryptedBytes32[:], encryptedData)
bytes32, err := UnboxBytes32(tc.G, f, keybase1.UnboxBytes32Arg{
EncryptedBytes32: encryptedBytes32,
Nonce: nonce,
PeersPublicKey: peersPublicKey,
})
if err != nil {
t.Fatal(err)
}
if bytes32 != expectedBytes32 {
t.Errorf("expected %s, got %s", expectedBytes32, bytes32)
}
// also test UnboxBytes32Any:
arg := keybase1.UnboxBytes32AnyArg{
Bundles: []keybase1.CiphertextBundle{
{Kid: kp.GetKID(), Ciphertext: encryptedBytes32, Nonce: nonce, PublicKey: peersPublicKey},
},
}
res, err := UnboxBytes32Any(tc.G, f, arg)
if err != nil {
t.Fatal(err)
}
if res.Plaintext != expectedBytes32 {
t.Errorf("UnboxBytes32Any plaintext: %x, expected %x", res.Plaintext, expectedBytes32)
}
if res.Kid.IsNil() {
t.Errorf("UnboxBytes32Any kid is nil")
}
}