func TestReflection(t *testing.T) {
alice := "*****@*****.**"
aliceUID, err := uid.Create(alice, false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bob := "*****@*****.**"
bobUID, err := uid.Create(bob, false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
var encMsg bytes.Buffer
aliceKeyStore := memstore.New()
aliceKeyStore.AddPublicKeyEntry(bob, bobUID.PubKey()) // duplicate key
encryptArgs := &EncryptArgs{
Writer: &encMsg,
From: aliceUID,
To: bobUID,
SenderLastKeychainHash: hashchain.TestEntry,
Reader: bytes.NewBufferString(msgs.Message1),
Rand: cipher.RandReader,
KeyStore: aliceKeyStore,
}
if _, err = Encrypt(encryptArgs); err != ErrReflection {
t.Error("should fail with ErrReflection")
}
}
func encrypt(sign bool, flipUIDs bool) (
sender, recipient *uid.Message,
w bytes.Buffer,
recipientTemp *uid.KeyEntry,
privateKey string,
err error,
) {
sender, err = uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
return
}
recipient, err = uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
return
}
if flipUIDs {
sender, recipient = recipient, sender
}
r := bytes.NewBufferString(msgs.Message1)
now := uint64(times.Now())
recipientKI, _, privateKey, err := recipient.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
return
}
recipientTemp, err = recipientKI.KeyEntryECDHE25519(recipient.SigPubKey())
if err != nil {
return
}
// encrypt
var privateSigKey *[64]byte
if sign {
privateSigKey = sender.PrivateSigKey64()
}
ms := memstore.New()
ms.AddPublicKeyEntry(recipient.Identity(), recipientTemp)
args := &EncryptArgs{
Writer: &w,
From: sender,
To: recipient,
SenderLastKeychainHash: hashchain.TestEntry,
PrivateSigKey: privateSigKey,
Reader: r,
Rand: cipher.RandReader,
KeyStore: ms,
}
if _, err = Encrypt(args); err != nil {
return
}
return
}
func TestPublicKeyInit(t *testing.T) {
tmpdir, keyDB, err := createDB()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
defer keyDB.Close()
msg, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
now := uint64(times.Now())
ki, _, _, err := msg.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
if err := keyDB.AddPublicKeyInit(ki); err != nil {
t.Fatal(err)
}
rKI, err := keyDB.GetPublicKeyInit(ki.SigKeyHash())
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(rKI.JSON(), ki.JSON()) {
t.Error("KeyInits differ")
}
}
func TestPrivateKeyInit(t *testing.T) {
tmpdir, keyDB, err := createDB()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
defer keyDB.Close()
msg, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
now := uint64(times.Now())
ki, pubKeyHash, privateKey, err := msg.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
err = keyDB.AddPrivateKeyInit(ki, pubKeyHash, msg.SigPubKey(), privateKey,
"/63l/c3XB5yimoGKv6GS9TjuiM3PKVH/H/dlhnQixeIRsFRkWRl8fjXmKyQl5bk4N7DjkBPg/1GQVndhG+HWAg==")
if err != nil {
t.Fatal(err)
}
rKI, rSigPubKey, rPrivKey, err := keyDB.GetPrivateKeyInit(pubKeyHash)
if !bytes.Equal(rKI.JSON(), ki.JSON()) {
t.Error("KeyInits differ")
}
if rSigPubKey != msg.SigPubKey() {
t.Error("SigPubKeys differ")
}
if rPrivKey != privateKey {
t.Error("PrivKeys differ")
}
}
func TestKeyEntry(t *testing.T) {
ms := New()
uidMsg, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
now := uint64(times.Now())
ki, _, _, err := uidMsg.KeyInit(1, now+times.Day, now-times.Day, false,
"mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
ke, err := ki.KeyEntryECDHE25519(uidMsg.SigPubKey())
if err != nil {
t.Fatal(err)
}
// private
ms.AddPrivateKeyEntry(ke)
entry, err := ms.GetPrivateKeyEntry(ke.HASH)
if err != nil {
t.Error(err)
} else if entry != ke {
t.Error("entry != ke")
}
if _, err := ms.GetPrivateKeyEntry("MUTE"); err == nil {
t.Error("should fail")
}
// public
ms.AddPublicKeyEntry(uidMsg.Identity(), ke)
entry, _, err = ms.GetPublicKeyEntry(uidMsg)
if err != nil {
t.Error(err)
} else if entry != ke {
t.Error("entry != ke")
}
uidMsg, err = uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
if _, _, err := ms.GetPublicKeyEntry(uidMsg); err != session.ErrNoKeyEntry {
t.Error("should fail with session.ErrNoKeyEntry")
}
}
func TestPublicUID(t *testing.T) {
tmpdir, keyDB, err := createDB()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
defer keyDB.Close()
a1, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
a2, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
if err := keyDB.AddPublicUID(a1, 10); err != nil {
t.Fatal(err)
}
if err := keyDB.AddPublicUID(a2, 20); err != nil {
t.Fatal(err)
}
var pos uint64
var rA1 *uid.Message
rA1, pos, _, err = keyDB.GetPublicUID("*****@*****.**", 10)
if !bytes.Equal(rA1.JSON(), a1.JSON()) {
t.Error("UID messages differ")
}
if pos != 10 {
t.Error("a1 position should be 10")
}
var rA2 *uid.Message
rA2, pos, _, err = keyDB.GetPublicUID("*****@*****.**", 30)
if !bytes.Equal(rA2.JSON(), a2.JSON()) {
t.Error("UID messages differ")
}
if pos != 20 {
t.Error("a2 position should be 20")
}
}
// generate a new nym and store it in keydb.
func (ce *CryptEngine) generate(
pseudonym string,
keyserver bool,
outputfp *os.File,
) error {
// map pseudonym
id, domain, err := identity.MapPlus(pseudonym)
if err != nil {
return err
}
// create new UID
// TODO: allow different PFS preferences
var lastEntry string
if !keyserver {
// no lastEntry, because this will be the first entry in hashchain
lastEntry, err = ce.keyDB.GetLastHashChainEntry(domain)
if err != nil {
return err
}
}
uid, err := uid.Create(id, false, "", "", uid.Strict, lastEntry,
cipher.RandReader)
if err != nil {
return err
}
if !keyserver {
// store UID in keyDB
if err := ce.keyDB.AddPrivateUID(uid); err != nil {
return err
}
} else {
// a private key for the keyserver is not stored in the keyDB
var out bytes.Buffer
if err := json.Indent(&out, []byte(uid.JSON()), "", " "); err != nil {
return err
}
fmt.Fprintln(outputfp, out.String())
if keyserver {
fmt.Fprintf(outputfp, "{\"PRIVSIGKEY\": %q}\n", uid.PrivateSigKey())
}
}
log.Infof("nym '%s' generated successfully", id)
return nil
}
func TestUIDMessage(t *testing.T) {
id := strings.Repeat("lp", 32) + "@" + strings.Repeat("x", 185) + ".one"
uid, err := uid.Create(id, true, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
uid, err = uid.Update(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// in JSON integers have a variable width, set them to maximum value
uid.UIDContent.MSGCOUNT = 18446744073709551615
uid.UIDContent.NOTAFTER = 18446744073709551615
uid.UIDContent.NOTBEFORE = 18446744073709551615
if len(uid.JSON()) != MaxUIDMessage {
t.Error("len(uid.JSON()) != MaxUIDMessage")
}
}
func TestEncrypteHeaderSizeAndPadding(t *testing.T) {
t.Parallel()
// setup UIDs and stuff
aliceUID, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
now := uint64(times.Now())
aliceKI, _, _, err := aliceUID.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
aliceKE, err := aliceKI.KeyEntryECDHE25519(aliceUID.SigPubKey())
if err != nil {
t.Fatal(err)
}
bobUID, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bobKI, _, _, err := bobUID.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bobKE, err := bobKI.KeyEntryECDHE25519(bobUID.SigPubKey())
if err != nil {
t.Fatal(err)
}
// create unencrypted header
h, err := newHeader(aliceUID, bobUID, bobKE.HASH, aliceKE, nil, nil, "", 0, 0,
hashchain.TestEntry, cipher.RandReader, StatusOK)
if err != nil {
t.Fatal(err)
}
// create sender key
senderHeaderKey, err := cipher.Curve25519Generate(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// create (encrypted) header packet
recipientIdentityPub, err := bobUID.PublicKey()
if err != nil {
t.Fatal(err)
}
hp, err := newHeaderPacket(h, recipientIdentityPub,
senderHeaderKey.PrivateKey(), cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// write (encrypted) header packet
var buf bytes.Buffer
if err := hp.write(&buf); err != nil {
t.Fatal(err)
}
oh := newOuterHeader(encryptedHeader, 1, buf.Bytes())
if oh.size() != encryptedHeaderSize {
t.Errorf("oh.size() = %d != %d", oh.size(), encryptedHeaderSize)
}
}
func TestMaxMessageLength(t *testing.T) {
alice := "*****@*****.**"
aliceUID, err := uid.Create(alice, false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bob := "*****@*****.**"
bobUID, err := uid.Create(bob, false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
now := uint64(times.Now())
bobKI, _, privateKey, err := bobUID.KeyInit(1, now+times.Day, now-times.Day,
false, "mute.berlin", "", "", cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bobKE, err := bobKI.KeyEntryECDHE25519(bobUID.SigPubKey())
if err != nil {
t.Fatal(err)
}
// create large message
message, err := padding.Generate(MaxContentLength, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// encrypt message from Alice to Bob
var encMsg bytes.Buffer
aliceKeyStore := memstore.New()
aliceKeyStore.AddPublicKeyEntry(bob, bobKE)
encryptArgs := &EncryptArgs{
Writer: &encMsg,
From: aliceUID,
To: bobUID,
SenderLastKeychainHash: hashchain.TestEntry,
PrivateSigKey: aliceUID.PrivateSigKey64(),
Reader: bytes.NewBuffer(message),
Rand: cipher.RandReader,
KeyStore: aliceKeyStore,
}
if _, err = Encrypt(encryptArgs); err != nil {
t.Fatal(err)
}
// decrypt message from Alice to Bob
var res bytes.Buffer
bobIdentities := []*uid.Message{bobUID}
input := base64.NewDecoder(&encMsg)
version, preHeader, err := ReadFirstOuterHeader(input)
if err != nil {
t.Fatal(err)
}
if version != Version {
t.Fatal("wrong version")
}
bobKeyStore := memstore.New()
if err := bobKE.SetPrivateKey(privateKey); err != nil {
t.Fatal(err)
}
bobKeyStore.AddPrivateKeyEntry(bobKE)
decryptArgs := &DecryptArgs{
Writer: &res,
Identities: bobIdentities,
PreHeader: preHeader,
Reader: input,
Rand: cipher.RandReader,
KeyStore: bobKeyStore,
}
_, _, err = Decrypt(decryptArgs)
if err != nil {
t.Fatal(err)
}
if res.String() != string(message) {
t.Fatal("messages differ")
}
}
func TestPrivateUID(t *testing.T) {
tmpdir, keyDB, err := createDB()
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tmpdir)
defer keyDB.Close()
alice, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
bob, err := uid.Create("*****@*****.**", false, "", "", uid.Strict,
hashchain.TestEntry, cipher.RandReader)
if err != nil {
t.Fatal(err)
}
if err := keyDB.AddPrivateUID(alice); err != nil {
t.Fatal(err)
}
if err := keyDB.AddPrivateUID(bob); err != nil {
t.Fatal(err)
}
identities, err := keyDB.GetPrivateIdentities()
if err != nil {
t.Fatal(err)
}
if len(identities) != 2 {
t.Error("wrong number of identities")
}
if !util.ContainsString(identities, "*****@*****.**") {
t.Error("alice missing from identities")
}
if !util.ContainsString(identities, "*****@*****.**") {
t.Error("bob missing from identities")
}
identities, err = keyDB.GetPrivateIdentitiesForDomain("mute.berlin")
if err != nil {
t.Fatal(err)
}
if len(identities) != 1 {
t.Error("wrong number of identities")
}
if !util.ContainsString(identities, "*****@*****.**") {
t.Error("alice missing from identities")
}
a, _, err := keyDB.GetPrivateUID("*****@*****.**", true)
if err != nil {
t.Fatal(err)
}
b, _, err := keyDB.GetPrivateUID("*****@*****.**", true)
if err != nil {
t.Fatal(err)
}
if a.PrivateEncKey() != alice.PrivateEncKey() {
t.Error("PrivateEncKeys differ")
}
if a.PrivateSigKey() != alice.PrivateSigKey() {
t.Error("PrivateSigKeys differ")
}
if b.SigPubKey() != bob.SigPubKey() {
t.Error("SigPubKeys differ")
}
key, err := cipher.Ed25519Generate(cipher.RandReader)
if err != nil {
t.Fatal(err)
}
// encrypt
_, _, UIDMessageEncrypted := alice.Encrypt()
// create reply
reply := uid.CreateReply(UIDMessageEncrypted, "", 0, key)
if err := keyDB.AddPrivateUIDReply(alice, reply); err != nil {
t.Fatal(err)
}
if err := keyDB.DelPrivateUID(alice); err != nil {
t.Fatal(err)
}
_, _, err = keyDB.GetPrivateUID("*****@*****.**", false)
if err == nil {
t.Error("should fail")
}
}