func TestKeyInitSuccess(t *testing.T) {
msg, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// success
ki, _, _, err := msg.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
"mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
if err := ki.Check(); err != nil {
t.Error(err)
}
// getter methods
if ki.MsgCount() != ki.Contents.MSGCOUNT {
t.Error("msgCount mismatch")
}
if ki.SigKeyHash() != ki.Contents.SIGKEYHASH {
t.Error("sigKeyHash mismatch")
}
// JSON conversion
jsn := ki.JSON()
jsnKI, err := NewJSONKeyInit(jsn)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(jsn, jsnKI.JSON()) {
t.Errorf("KeyInits differ")
}
// verify
uris := make([]string, 1)
uris[0] = "mute.berlin"
if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err != nil {
t.Error(err)
}
// sign
sigKey, err := cipher.Ed25519Generate(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
sig := ki.Sign(sigKey)
// verify signature
pubKey := base64.Encode(sigKey.PublicKey()[:])
if err := ki.VerifySrvSig(sig, pubKey); err != nil {
t.Error(err)
}
}
func TestVerifySrvSigfailure(t *testing.T) {
msg, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// success
ki, _, _, err := msg.KeyInit(1, uint64(times.NinetyDaysLater()), 0, false,
"mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// sign
sigKey, err := cipher.Ed25519Generate(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
sig := ki.Sign(sigKey)
pubKey := base64.Encode(sigKey.PublicKey()[:])
// invalid signature
if err := ki.VerifySrvSig("!", pubKey); err == nil {
t.Error("should fail")
}
// invalid public key
if err := ki.VerifySrvSig(sig, "!"); err == nil {
t.Error("should fail")
}
// invalid signature
var signature [ed25519.PrivateKeySize]byte
if _, err := io.ReadFull(cipher.RandReader, signature[:]); err != nil {
t.Fatal(err)
}
sig = base64.Encode(signature[:])
if err := ki.VerifySrvSig(sig, pubKey); err == nil {
t.Error("should fail")
}
}
func TestUIDMessageReply(t *testing.T) {
uid, err := Create("*****@*****.**", false, "", "", Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
key, err := cipher.Ed25519Generate(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// encrypt
UIDHash, UIDIndex, UIDMessageEncrypted := uid.Encrypt()
// create reply
UIDMessageReply := CreateReply(UIDMessageEncrypted, "", 0, key)
reply := UIDMessageReply.JSON()
// JSON encoding/decoding
jsnReply, err := NewJSONReply(string(reply))
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(reply, jsnReply.JSON()) {
t.Errorf("replies differ")
}
// decrypt
idx, msg, err := UIDMessageReply.Decrypt(UIDHash)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(idx, UIDIndex) {
t.Errorf("indices differ")
}
if !bytes.Equal(msg.JSON(), uid.JSON()) {
t.Errorf("UIDs differ")
}
// wrong UIDHash
hash := make([]byte, 32)
if _, _, err := UIDMessageReply.Decrypt(hash); err == nil {
t.Error("should fail")
}
// verify signature
sigKey := base64.Encode(key.PublicKey()[:])
if err := UIDMessageReply.VerifySrvSig(uid, sigKey); err != nil {
t.Error(err)
}
// corrupt encrypte message
UIDMessageReply.ENTRY.UIDMESSAGEENCRYPTED = "!"
if _, _, err := UIDMessageReply.Decrypt(UIDHash); err == nil {
t.Error("should fail")
}
// corrupt signature
sig := UIDMessageReply.SERVERSIGNATURE
UIDMessageReply.SERVERSIGNATURE = "!"
if err := UIDMessageReply.VerifySrvSig(uid, sigKey); err == nil {
t.Error("should fail")
}
// corrupt signature key
UIDMessageReply.SERVERSIGNATURE = sig // restore signature
if err := UIDMessageReply.VerifySrvSig(uid, "!"); err == nil {
t.Error("should fail")
}
// invalid signature
UIDMessageReply.SERVERSIGNATURE = ""
if err := UIDMessageReply.VerifySrvSig(uid, sigKey); err == nil {
t.Error("should fail")
}
}
func TestPrivateUID(t *testing.T) {
tmpdir, keyDB, err := createDB()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
defer keyDB.Close()
alice, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bob, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
if err := keyDB.AddPrivateUID(alice); err != nil {
t.Fatal(err)
}
if err := keyDB.AddPrivateUID(bob); err != nil {
t.Fatal(err)
}
identities, err := keyDB.GetPrivateIdentities()
if err != nil {
t.Fatal(err)
}
if len(identities) != 2 {
t.Error("wrong number of identities")
}
if !util.ContainsString(identities, "*****@*****.**") {
t.Error("alice missing from identities")
}
if !util.ContainsString(identities, "*****@*****.**") {
t.Error("bob missing from identities")
}
identities, err = keyDB.GetPrivateIdentitiesForDomain("mute.berlin")
if err != nil {
t.Fatal(err)
}
if len(identities) != 1 {
t.Error("wrong number of identities")
}
if !util.ContainsString(identities, "*****@*****.**") {
t.Error("alice missing from identities")
}
a, _, err := keyDB.GetPrivateUID("*****@*****.**", true)
if err != nil {
t.Fatal(err)
}
b, _, err := keyDB.GetPrivateUID("*****@*****.**", true)
if err != nil {
t.Fatal(err)
}
if a.PrivateEncKey() != alice.PrivateEncKey() {
t.Error("PrivateEncKeys differ")
}
if a.PrivateSigKey() != alice.PrivateSigKey() {
t.Error("PrivateSigKeys differ")
}
if b.SigPubKey() != bob.SigPubKey() {
t.Error("SigPubKeys differ")
}
key, err := cipher.Ed25519Generate(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// encrypt
_, _, UIDMessageEncrypted := alice.Encrypt()
// create reply
reply := uid.CreateReply(UIDMessageEncrypted, "", 0, key)
if err := keyDB.AddPrivateUIDReply(alice, reply); err != nil {
t.Fatal(err)
}
if err := keyDB.DelPrivateUID(alice); err != nil {
t.Fatal(err)
}
_, _, err = keyDB.GetPrivateUID("*****@*****.**", false)
if err == nil {
t.Error("should fail")
}
}