Esempio n. 1
0
// Test that SignToString() signs the given message with the device
// signing key and that the signature is verifiable and contains the message.
func TestCryptoSignToString(t *testing.T) {
	tc := SetupEngineTest(t, "crypto")
	defer tc.Cleanup()

	u := CreateAndSignupFakeUser(tc, "fu")
	f := func() libkb.SecretUI {
		return &libkb.TestSecretUI{Passphrase: u.Passphrase}
	}

	msg := []byte("test message")
	signature, err := SignToString(tc.G, f, keybase1.SignToStringArg{
		Msg: msg,
	})
	if err != nil {
		t.Fatal(err)
	}

	_, msg2, _, err := libkb.NaclVerifyAndExtract(signature)
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(msg, msg2) {
		t.Fatal(fmt.Errorf("message mismatch, expected: %s, got: %s",
			string(msg), string(msg2)))
	}
}
Esempio n. 2
0
func VerifyToken(signature, server, challenge string, maxExpireIn int) (*Token, error) {
	var t *Token
	key, token, _, err := libkb.NaclVerifyAndExtract(signature)
	if err != nil {
		return nil, err
	}
	if t, err = parseToken(token); err != nil {
		return nil, err
	}
	if key.GetKID() != t.KID() {
		return nil, InvalidTokenKeyError{
			expected: key.GetKID().String(),
			received: t.KID().String(),
		}
	}
	if TokenType != t.Type() {
		return nil, InvalidTokenTypeError{
			expected: TokenType,
			received: t.Type(),
		}
	}
	if server != t.Server() {
		return nil, InvalidTokenServerError{
			expected: server,
			received: t.Server(),
		}
	}
	if challenge != t.Challenge() {
		return nil, InvalidTokenChallengeError{
			expected: challenge,
			received: t.Challenge(),
		}
	}
	remaining := t.TimeRemaining()
	if remaining > maxExpireIn {
		return nil, MaxTokenExpiresError{
			creationTime: t.CreationTime,
			expireIn:     t.ExpireIn,
			now:          time.Now().Unix(),
			maxExpireIn:  maxExpireIn,
			remaining:    remaining,
		}
	}
	if remaining <= 0 {
		return nil, TokenExpiredError{
			creationTime: t.CreationTime,
			expireIn:     t.ExpireIn,
			now:          time.Now().Unix(),
		}
	}
	return t, nil
}