Пример #1
0
func TestVerifyFailure(t *testing.T) {
	msg, err := Create("*****@*****.**", false, "", "", Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	other, err := Create("*****@*****.**", false, "", "", Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// success
	ki, _, _, err := msg.KeyInit(1, uint64(times.NinetyDaysLater()), 0, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	ki2, _, _, err := other.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// repo URI
	if err := ki.Verify(nil, msg.UIDContent.SIGKEY.PUBKEY); err != ErrRepoURI {
		t.Error("should fail")
	}
	// sighash
	uris := make([]string, 1)
	uris[0] = "mute.berlin"
	if err := ki.Verify(uris, other.UIDContent.SIGKEY.PUBKEY); err != ErrWrongSigKeyHash {
		t.Error("should fail")
	}
	// bad signature
	sig := ki.SIGNATURE
	ki.SIGNATURE = "!"
	if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err == nil {
		t.Error("should fail")
	}
	ki.SIGNATURE = sig
	pubKey := msg.UIDContent.SIGKEY.PUBKEY
	msg.UIDContent.SIGKEY.PUBKEY = "!"
	if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err == nil {
		t.Error("should fail")
	}
	// wrong signature
	msg.UIDContent.SIGKEY.PUBKEY = pubKey
	ki.SIGNATURE = ki2.SIGNATURE
	if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err != ErrInvalidKeyInitSig {
		t.Error("should fail")
	}
	// invalid times
	ki2.Contents.MSGCOUNT = 1
	ki2.Contents.NOTAFTER = 0
	if err := ki2.Verify(uris, other.UIDContent.SIGKEY.PUBKEY); err != ErrInvalidTimes {
		t.Error("should fail")
	}
}
Пример #2
0
func TestKeyInitSuccess(t *testing.T) {
	msg, err := Create("*****@*****.**", false, "", "", Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// success
	ki, _, _, err := msg.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	if err := ki.Check(); err != nil {
		t.Error(err)
	}
	// getter methods
	if ki.MsgCount() != ki.Contents.MSGCOUNT {
		t.Error("msgCount mismatch")
	}
	if ki.SigKeyHash() != ki.Contents.SIGKEYHASH {
		t.Error("sigKeyHash mismatch")
	}
	// JSON conversion
	jsn := ki.JSON()
	jsnKI, err := NewJSONKeyInit(jsn)
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(jsn, jsnKI.JSON()) {
		t.Errorf("KeyInits differ")
	}
	// verify
	uris := make([]string, 1)
	uris[0] = "mute.berlin"
	if err := ki.Verify(uris, msg.UIDContent.SIGKEY.PUBKEY); err != nil {
		t.Error(err)
	}
	// sign
	sigKey, err := cipher.Ed25519Generate(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	sig := ki.Sign(sigKey)
	// verify signature
	pubKey := base64.Encode(sigKey.PublicKey()[:])
	if err := ki.VerifySrvSig(sig, pubKey); err != nil {
		t.Error(err)
	}
}
Пример #3
0
func TestKeyInitFailure(t *testing.T) {
	msg, err := Create("*****@*****.**", false, "", "", Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// invalid times
	_, _, _, err = msg.KeyInit(0, 0, 0, false, "mute.berlin", "", "",
		cipher.RandReader)
	if err != ErrInvalidTimes {
		t.Error("should fail")
	}
	_, _, _, err = msg.KeyInit(0, 1, 0, false, "mute.berlin", "", "",
		cipher.RandReader)
	if err != ErrExpired {
		t.Error("should fail")
	}
	_, _, _, err = msg.KeyInit(0, uint64(times.OneYearLater()), 0, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err != ErrFuture {
		t.Fatal(err)
	}
	// rand fail
	_, _, _, err = msg.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
		"mute.berlin", "", "", cipher.RandFail)
	if err == nil {
		t.Error("should fail")
	}
	// decode failure
	msg.UIDContent.SIGKEY.HASH = "!"
	_, _, _, err = msg.KeyInit(0, uint64(times.NinetyDaysLater()), 0, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err == nil {
		t.Error("should fail")
	}
}
Пример #4
0
func TestVerifySrvSigfailure(t *testing.T) {
	msg, err := Create("*****@*****.**", false, "", "", Strict,
		hashchain.TestEntry, cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// success
	ki, _, _, err := msg.KeyInit(1, uint64(times.NinetyDaysLater()), 0, false,
		"mute.berlin", "", "", cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	// sign
	sigKey, err := cipher.Ed25519Generate(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	sig := ki.Sign(sigKey)
	pubKey := base64.Encode(sigKey.PublicKey()[:])
	// invalid signature
	if err := ki.VerifySrvSig("!", pubKey); err == nil {
		t.Error("should fail")
	}
	// invalid public key
	if err := ki.VerifySrvSig(sig, "!"); err == nil {
		t.Error("should fail")
	}
	// invalid signature
	var signature [ed25519.PrivateKeySize]byte
	if _, err := io.ReadFull(cipher.RandReader, signature[:]); err != nil {
		t.Fatal(err)
	}
	sig = base64.Encode(signature[:])
	if err := ki.VerifySrvSig(sig, pubKey); err == nil {
		t.Error("should fail")
	}
}
Пример #5
0
func TestAccount(t *testing.T) {
	tmpdir, msgDB, err := createDB()
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tmpdir)
	defer msgDB.Close()
	a := "*****@*****.**"
	b := "*****@*****.**"
	if err := msgDB.AddNym(a, a, "Alice"); err != nil {
		t.Fatal(err)
	}
	if err := msgDB.AddContact(a, b, b, "Bob", WhiteList); err != nil {
		t.Fatal(err)
	}
	// add acounts
	_, privkey1, err := ed25519.GenerateKey(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	_, privkey2, err := ed25519.GenerateKey(cipher.RandReader)
	if err != nil {
		t.Fatal(err)
	}
	server1 := "accounts001.mute.berlin"
	server2 := "accounts002.mute.berlin"
	var secret1 [64]byte
	var secret2 [64]byte
	if _, err := io.ReadFull(cipher.RandReader, secret1[:]); err != nil {
		t.Fatal(err)
	}
	if _, err := io.ReadFull(cipher.RandReader, secret2[:]); err != nil {
		t.Fatal(err)
	}
	err = msgDB.AddAccount(a, "", privkey1, server1, &secret1,
		def.MinMinDelay, def.MinMaxDelay)
	if err != nil {
		t.Fatal(err)
	}
	contacts, err := msgDB.GetAccounts(a)
	if err != nil {
		t.Fatal(err)
	}
	if len(contacts) != 1 {
		t.Error("len(contacts) != 1")
	} else {
		if contacts[0] != "" {
			t.Error("contacts[0] != \"\"")
		}
	}
	err = msgDB.AddAccount(a, b, privkey2, server2, &secret2,
		def.MinMinDelay, def.MinMaxDelay)
	if err != nil {
		t.Fatal(err)
	}
	// set account time
	now := times.Now()
	d90 := times.NinetyDaysLater()
	d365 := times.OneYearLater()
	if err := msgDB.SetAccountTime(a, "", d90); err != nil {
		t.Fatal(err)
	}
	if err := msgDB.SetAccountTime(a, b, d365); err != nil {
		t.Fatal(err)
	}
	if err := msgDB.SetAccountLastMsg(a, b, now); err != nil {
		t.Fatal(err)
	}
	// get account
	pk1, srv1, scrt1, minDelay, maxDelay, lastTime1, err := msgDB.GetAccount(a, "")
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(pk1[:], privkey1[:]) {
		t.Error("pk1 != privkey1")
	}
	if srv1 != server1 {
		t.Error("srv1 != server1")
	}
	if !bytes.Equal(scrt1[:], secret1[:]) {
		t.Error("scrt1 != secret1")
	}
	if minDelay != def.MinMinDelay {
		t.Error("minDelay != def.MinMinDelay")
	}
	if maxDelay != def.MinMaxDelay {
		t.Error("maxDelay != def.MinMaxDelay")
	}
	if lastTime1 != 0 {
		t.Error("lastTime1 != 0")
	}
	pk2, srv2, scrt2, _, _, lastTime2, err := msgDB.GetAccount(a, b)
	if err != nil {
		t.Fatal(err)
	}
	if !bytes.Equal(pk2[:], privkey2[:]) {
		t.Error("pk2 != privkey2")
	}
	if srv2 != server2 {
		t.Error("srv2 != server2")
	}
	if !bytes.Equal(scrt2[:], secret2[:]) {
		t.Error("scrt2 != secret2")
	}
	if lastTime2 != now {
		t.Error("lastTime2 != now")
	}
	// get accounts
	contacts, err = msgDB.GetAccounts(a)
	if err != nil {
		t.Fatal(err)
	}
	if len(contacts) != 2 {
		t.Error("len(contacts) != 2")
	} else {
		if contacts[0] != "" {
			t.Error("contacts[0] != \"\"")
		}
		if contacts[1] != b {
			t.Error("contacts[1] != b")
		}
	}
	// get account time
	t1, err := msgDB.GetAccountTime(a, "")
	if err != nil {
		t.Fatal(err)
	}
	if t1 != d90 {
		t.Error("t1 != d90")
	}
	t2, err := msgDB.GetAccountTime(a, b)
	if err != nil {
		t.Fatal(err)
	}
	if t2 != d365 {
		t.Error("t2 != d365")
	}
}
Пример #6
0
func (ce *CryptEngine) addKeyInit(pseudonym, mixaddress, nymaddress, token string) error {
	// map pseudonym
	id, domain, err := identity.MapPlus(pseudonym)
	if err != nil {
		return err
	}
	// TODO: check token?
	// generate KeyInit
	msg, _, err := ce.keyDB.GetPrivateUID(id, true)
	if err != nil {
		return err
	}
	// TODO: fix parameter!
	ki, pubKeyHash, privateKey, err := msg.KeyInit(0,
		uint64(times.NinetyDaysLater()), 0, true, domain, mixaddress,
		nymaddress, cipher.RandReader)
	if err != nil {
		return err
	}
	var (
		kis          []*uid.KeyInit
		pubKeyHashes []string
		privateKeys  []string
		tokens       []string
	)
	kis = append(kis, ki)
	pubKeyHashes = append(pubKeyHashes, pubKeyHash)
	privateKeys = append(privateKeys, privateKey)
	tokens = append(tokens, token)
	// get JSON-RPC client and capabilities
	client, caps, err := ce.cache.Get(domain, ce.keydPort, ce.keydHost,
		ce.homedir, "KeyInitRepository.AddKeyInit")
	if err != nil {
		return err
	}
	// call server
	content := make(map[string]interface{})
	content["SigPubKey"] = msg.UIDContent.SIGKEY.PUBKEY
	content["KeyInits"] = kis
	content["Tokens"] = tokens
	reply, err := client.JSONRPCRequest("KeyInitRepository.AddKeyInit", content)
	if err != nil {
		return err
	}
	// verify server signatures
	sigs, ok := reply["Signatures"].([]interface{})
	if !ok {
		return log.Errorf("cryptengine: could not add key inits for '%s'", msg.UIDContent.IDENTITY)
	}
	if len(kis) != len(sigs) {
		return log.Error("cryptengine: number of returned signatures does not equal number of sent key init messages")
	}
	for i, ki := range kis {
		sig, ok := sigs[i].(string)
		if !ok {
			return log.Error("cryptengine: signature is not a string")
		}
		// TODO: keyserver can return more than one SIGPUBKEY
		if err := ki.VerifySrvSig(sig, caps.SIGPUBKEYS[0]); err != nil {
			return err
		}
	}
	// store server key init messages and server signatures
	for i, ki := range kis {
		sig := sigs[i].(string) // cast has been checked already above
		if err := ce.keyDB.AddPrivateKeyInit(ki, pubKeyHashes[i], msg.SigPubKey(), privateKeys[i], sig); err != nil {
			return err
		}
	}
	return nil
}