func TestReflection(t *testing.T) {
alice := "*****@*****.**"
aliceUID, err := uid.Create(alice, false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bob := "*****@*****.**"
bobUID, err := uid.Create(bob, false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
var encMsg bytes.Buffer
aliceKeyStore := memstore.New()
aliceKeyStore.AddPublicKeyEntry(bob, bobUID.PubKey()) // duplicate key
encryptArgs := &EncryptArgs{
Writer: &encMsg,
From: aliceUID,
To: bobUID,
SenderLastKeychainHash: hashchain.TestEntry,
Reader: bytes.NewBufferString(msgs.Message1),
Rand: cipher.RandReader,
KeyStore: aliceKeyStore,
}
if _, err = Encrypt(encryptArgs); err != ErrReflection {
t.Error("should fail with ErrReflection")
}
}
func encrypt(sign bool, flipUIDs bool) (
sender, recipient *uid.Message,
w bytes.Buffer,
recipientTemp *uid.KeyEntry,
privateKey string,
err error,
) {
sender, err = uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
return
}
recipient, err = uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
return
}
if flipUIDs {
sender, recipient = recipient, sender
}
r := bytes.NewBufferString(msgs.Message1)
now := uint64(times.Now())
recipientKI, _, privateKey, err := recipient.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
return
}
recipientTemp, err = recipientKI.KeyEntryECDHE25519(recipient.SigPubKey())
if err != nil {
return
}
// encrypt
var privateSigKey *[64]byte
if sign {
privateSigKey = sender.PrivateSigKey64()
}
ms := memstore.New()
ms.AddPublicKeyEntry(recipient.Identity(), recipientTemp)
args := &EncryptArgs{
Writer: &w,
From: sender,
To: recipient,
SenderLastKeychainHash: hashchain.TestEntry,
PrivateSigKey: privateSigKey,
Reader: r,
Rand: cipher.RandReader,
KeyStore: ms,
}
if _, err = Encrypt(args); err != nil {
return
}
return
}
func decrypt(sender, recipient *uid.Message, r io.Reader, recipientTemp *uid.KeyEntry,
privateKey string, sign bool, chkMsg bool) error {
// decrypt
var res bytes.Buffer
identities := []*uid.Message{recipient}
input := base64.NewDecoder(r)
version, preHeader, err := ReadFirstOuterHeader(input)
if err != nil {
return err
}
if version != Version {
return errors.New("wrong version")
}
ms := memstore.New()
if err := recipientTemp.SetPrivateKey(privateKey); err != nil {
return err
}
ms.AddPrivateKeyEntry(recipientTemp)
args := &DecryptArgs{
Writer: &res,
Identities: identities,
PreHeader: preHeader,
Reader: input,
Rand: cipher.RandReader,
KeyStore: ms,
}
_, sig, err := Decrypt(args)
if err != nil {
return err
}
// do not compare messages when fuzzing, because messages have to be different!
if chkMsg && res.String() != msgs.Message1 {
return errors.New("messages differ")
}
if sign {
contentHash := cipher.SHA512(res.Bytes())
decSig, err := base64.Decode(sig)
if err != nil {
return err
}
if len(decSig) != ed25519.SignatureSize {
return errors.New("signature has wrong length")
}
var sigBuf [ed25519.SignatureSize]byte
copy(sigBuf[:], decSig)
if !ed25519.Verify(sender.PublicSigKey32(), contentHash, &sigBuf) {
return errors.New("signature verification failed")
}
}
return nil
}
func TestMaxMessageLength(t *testing.T) {
alice := "*****@*****.**"
aliceUID, err := uid.Create(alice, false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bob := "*****@*****.**"
bobUID, err := uid.Create(bob, false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
now := uint64(times.Now())
bobKI, _, privateKey, err := bobUID.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bobKE, err := bobKI.KeyEntryECDHE25519(bobUID.SigPubKey())
if err != nil {
t.Fatal(err)
}
// create large message
message, err := padding.Generate(MaxContentLength, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// encrypt message from Alice to Bob
var encMsg bytes.Buffer
aliceKeyStore := memstore.New()
aliceKeyStore.AddPublicKeyEntry(bob, bobKE)
encryptArgs := &EncryptArgs{
Writer: &encMsg,
From: aliceUID,
To: bobUID,
SenderLastKeychainHash: hashchain.TestEntry,
PrivateSigKey: aliceUID.PrivateSigKey64(),
Reader: bytes.NewBuffer(message),
Rand: cipher.RandReader,
KeyStore: aliceKeyStore,
}
if _, err = Encrypt(encryptArgs); err != nil {
t.Fatal(err)
}
// decrypt message from Alice to Bob
var res bytes.Buffer
bobIdentities := []*uid.Message{bobUID}
input := base64.NewDecoder(&encMsg)
version, preHeader, err := ReadFirstOuterHeader(input)
if err != nil {
t.Fatal(err)
}
if version != Version {
t.Fatal("wrong version")
}
bobKeyStore := memstore.New()
if err := bobKE.SetPrivateKey(privateKey); err != nil {
t.Fatal(err)
}
bobKeyStore.AddPrivateKeyEntry(bobKE)
decryptArgs := &DecryptArgs{
Writer: &res,
Identities: bobIdentities,
PreHeader: preHeader,
Reader: input,
Rand: cipher.RandReader,
KeyStore: bobKeyStore,
}
_, _, err = Decrypt(decryptArgs)
if err != nil {
t.Fatal(err)
}
if res.String() != string(message) {
t.Fatal("messages differ")
}
}
func TestGenerateMessageKeys(t *testing.T) {
defer log.Flush()
rk, err := base64.Decode("CH9NjvU/usWcT0vNgiiUHNt9UFgWKneEPRgN0HIvlP0=")
if err != nil {
t.Fatal(err)
}
ssp, err := base64.Decode("XRzQmXbf1TRTMVOpU9354Vx8mR32im0gK3IzzVPI/JE=")
if err != nil {
t.Fatal(err)
}
rp, err := base64.Decode("y2mzWFL3I16rkNPeMFleX/6a8Ynx93L8oirS4uSYTPo=")
if err != nil {
t.Fatal(err)
}
var rootKey [32]byte
var senderSessionPub [32]byte
var recipientPub [32]byte
copy(rootKey[:], rk)
copy(senderSessionPub[:], ssp)
copy(recipientPub[:], rp)
a := "*****@*****.**"
b := "*****@*****.**"
ms1 := memstore.New()
senderSessionKey := session.CalcKey("sender", "recipient",
base64.Encode(cipher.SHA512(senderSessionPub[:])),
base64.Encode(cipher.SHA512(recipientPub[:])))
recipientSessionKey := session.CalcKey("recipient", "sender",
base64.Encode(cipher.SHA512(recipientPub[:])),
base64.Encode(cipher.SHA512(senderSessionPub[:])))
err = generateMessageKeys(a, b, "sender", "recipient", &rootKey, false,
&senderSessionPub, &recipientPub, NumOfFutureKeys, ms1)
if err != nil {
t.Fatal(err)
}
rootKeyHash, err := ms1.GetRootKeyHash(senderSessionKey)
if err != nil {
t.Fatal(err)
}
b64 := base64.Encode(rootKeyHash[:])
if b64 != "KJgsEto4kssCEBJAgGJTt2fJ6/FJqMupevapOwtkdgjF0z0VNI8Zzv15hwRVfZPGrGtgc5AGaeZiyao2wZLE2Q==" {
t.Errorf("wrong rootKeyHash: %s", b64)
}
key, err := ms1.GetMessageKey(senderSessionKey, true, 0)
if err != nil {
t.Fatal(err)
}
b64 = base64.Encode(key[:])
if b64 != "1EaJ70EOJ1tEYEksbmv1FOgmG+SB0A0LMcx4gp687NdrEmeb/T04GYneFw9hAenUGsgkOjGtySLIL36xqQlgmw==" {
t.Errorf("wrong message key (sender, 0): %s", b64)
}
key, err = ms1.GetMessageKey(senderSessionKey, false, 0)
if err != nil {
t.Fatal(err)
}
b64 = base64.Encode(key[:])
if b64 != "o5K0K5cKuWEAMX6g1Cbv2yrcddg2eoB7PhJjtECO1IQsVbNkTf/FqiW4X2/Tmy6XbXhEoysdYPJL4bokoINvsA==" {
t.Errorf("wrong message key (recipient, 0): %s", b64)
}
key, err = ms1.GetMessageKey(senderSessionKey, true, 49)
if err != nil {
t.Fatal(err)
}
b64 = base64.Encode(key[:])
if b64 != "r1TwPGq7WF5ysN2ZFyX4ZmnnNxMzH3hAAOfWew8mIND7BqFPSY01H/A7U48awcOwFd9pCnVXd5yc5W0TYvON/Q==" {
t.Errorf("wrong message key (sender, 49): %s", b64)
}
key, err = ms1.GetMessageKey(senderSessionKey, false, 49)
if err != nil {
t.Fatal(err)
}
b64 = base64.Encode(key[:])
if b64 != "d45Eic1g95nDrSncvo4FML/zha9lHtnDO/9kDyARQP3AgguhXD1bjw+/ep8MkI91qjAlnmHcsxVOAEEMbecmaQ==" {
t.Errorf("wrong message key (recipient, 49): %s", b64)
}
// generate additional keys from chainKey
chainKey, err := ms1.GetChainKey(senderSessionKey)
if err != nil {
t.Fatal(err)
}
err = generateMessageKeys(a, b, "sender", "recipient", chainKey, false,
&senderSessionPub, &recipientPub, NumOfFutureKeys, ms1)
if err != nil {
t.Fatal(err)
}
// generate all keys at the same time
ms2 := memstore.New()
copy(rootKey[:], rk)
err = generateMessageKeys(a, b, "sender", "recipient", &rootKey, true,
&senderSessionPub, &recipientPub, 2*NumOfFutureKeys, ms2)
if err != nil {
t.Fatal(err)
}
n1, err := ms1.NumMessageKeys(senderSessionKey)
if err != nil {
t.Fatal(err)
}
n2, err := ms2.NumMessageKeys(recipientSessionKey)
if err != nil {
t.Fatal(err)
}
if n1 != n2 {
t.Error("number of message keys differ")
}
// compare keys
k1, err := ms1.GetMessageKey(senderSessionKey, true, NumOfFutureKeys-1)
if err != nil {
t.Fatal(err)
}
k2, err := ms2.GetMessageKey(recipientSessionKey, false, NumOfFutureKeys-1)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(k1[:], k2[:]) {
t.Error("keys differ")
}
k1, err = ms1.GetMessageKey(senderSessionKey, true, 2*NumOfFutureKeys-1)
if err != nil {
t.Fatal(err)
}
k2, err = ms2.GetMessageKey(recipientSessionKey, false, 2*NumOfFutureKeys-1)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(k1[:], k2[:]) {
t.Error("keys differ")
}
}