|
| 1 | +package secretservice |
| 2 | + |
| 3 | +import ( |
| 4 | + "testing" |
| 5 | + |
| 6 | + "github.com/stretchr/testify/require" |
| 7 | +) |
| 8 | + |
| 9 | +func TestNewKeypair(t *testing.T) { |
| 10 | + group := rfc2409SecondOakleyGroup() |
| 11 | + private, public, err := group.NewKeypair() |
| 12 | + require.NoError(t, err) |
| 13 | + require.NotNil(t, private) |
| 14 | + require.NotNil(t, public) |
| 15 | + private2, public2, err := group.NewKeypair() |
| 16 | + require.NotEqual(t, private.Cmp(private2), 0, "should get different private key with every keygen") |
| 17 | + require.NotEqual(t, public.Cmp(public2), 0, "should get different public key with every keygen") |
| 18 | +} |
| 19 | + |
| 20 | +func TestKeygen(t *testing.T) { |
| 21 | + group := rfc2409SecondOakleyGroup() |
| 22 | + myPrivate, myPublic, err := group.NewKeypair() |
| 23 | + require.NoError(t, err) |
| 24 | + theirPrivate, theirPublic, err := group.NewKeypair() |
| 25 | + require.NoError(t, err) |
| 26 | + |
| 27 | + myKey, err := group.keygenHKDFSHA256AES128(theirPublic, myPrivate) |
| 28 | + theirKey, err := group.keygenHKDFSHA256AES128(myPublic, theirPrivate) |
| 29 | + require.Equal(t, myKey, theirKey) |
| 30 | +} |
| 31 | + |
| 32 | +func TestEncryption(t *testing.T) { |
| 33 | + key := []byte("YELLOW SUBMARINE") |
| 34 | + plaintext := []byte("hello world") |
| 35 | + iv, ciphertext, err := unauthenticatedAESCBCEncrypt(plaintext, key) |
| 36 | + require.NoError(t, err) |
| 37 | + gotPlaintext, err := unauthenticatedAESCBCDecrypt(iv, ciphertext, key) |
| 38 | + require.NoError(t, err) |
| 39 | + require.Equal(t, plaintext, gotPlaintext) |
| 40 | +} |
| 41 | + |
| 42 | +func TestEncryptionRng(t *testing.T) { |
| 43 | + key := []byte("YELLOW SUBMARINE") |
| 44 | + plaintext := []byte("hello world") |
| 45 | + iv1, ciphertext1, err := unauthenticatedAESCBCEncrypt(plaintext, key) |
| 46 | + require.NoError(t, err) |
| 47 | + iv2, ciphertext2, err := unauthenticatedAESCBCEncrypt(plaintext, key) |
| 48 | + require.NoError(t, err) |
| 49 | + require.NotEqual(t, iv1, iv2) |
| 50 | + require.NotEqual(t, ciphertext1, ciphertext2) |
| 51 | +} |
| 52 | + |
| 53 | +var pkcs7tests = []struct { |
| 54 | + in []byte |
| 55 | + out []byte |
| 56 | +}{ |
| 57 | + {[]byte{}, []byte{4, 4, 4, 4}}, |
| 58 | + {[]byte{1, 2}, []byte{1, 2, 2, 2}}, |
| 59 | + {[]byte{1, 2, 3}, []byte{1, 2, 3, 1}}, |
| 60 | + {[]byte{1, 2, 3, 4}, []byte{1, 2, 3, 4, 4, 4, 4, 4}}, |
| 61 | + {[]byte{1, 2, 3, 4, 5}, []byte{1, 2, 3, 4, 5, 3, 3, 3}}, |
| 62 | + {[]byte{1, 2, 3, 4, 1, 1, 1}, []byte{1, 2, 3, 4, 1, 1, 1, 1}}, |
| 63 | +} |
| 64 | + |
| 65 | +func TestPKCS7(t *testing.T) { |
| 66 | + for _, testCase := range pkcs7tests { |
| 67 | + require.Equal(t, padPKCS7(testCase.in, 4), testCase.out) |
| 68 | + preimage, err := unpadPKCS7(testCase.out, 4) |
| 69 | + require.NoError(t, err) |
| 70 | + require.Equal(t, preimage, testCase.in) |
| 71 | + } |
| 72 | + |
| 73 | + _, err := unpadPKCS7([]byte{}, 4) |
| 74 | + require.Error(t, err) |
| 75 | + _, err = unpadPKCS7([]byte{1, 2, 3, 4}, 4) |
| 76 | + require.Error(t, err) |
| 77 | + _, err = unpadPKCS7([]byte{1, 2, 3, 3}, 4) |
| 78 | + require.Error(t, err) |
| 79 | + _, err = unpadPKCS7([]byte{1, 2, 3, 4, 1, 1, 1, 2}, 4) |
| 80 | + require.Error(t, err) |
| 81 | +} |
0 commit comments