// Copyright 2017 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
package saltpack
import (
"bytes"
"errors"
"io"
"testing"
"github.com/stretchr/testify/require"
)
// TestDecryptErrorAtEOF checks the signcrypt open stream when the underlying
// reader reports an error of its own at the end of the input: the error must
// be surfaced to the caller, and the plaintext returned alongside it must
// still equal what was sealed.
func TestDecryptErrorAtEOF(t *testing.T) {
	want := randomMsg(t, 128)
	kr, recipients := makeKeyringWithOneKey(t)
	signer := makeSigningKey(t, kr)

	ciphertext, sealErr := SigncryptSeal(want, ephemeralKeyCreator{}, signer, recipients, nil)
	require.NoError(t, sealErr)

	// Feed the ciphertext through a reader that carries a custom error.
	// NOTE(review): errAtEOFReader is defined elsewhere in the package;
	// presumably it reports errAtEOF where a plain reader would report
	// io.EOF — confirm against its definition.
	errAtEOF := errors.New("err at EOF")
	var src io.Reader = errAtEOFReader{bytes.NewReader(ciphertext), errAtEOF}

	_, stream, openErr := NewSigncryptOpenStream(src, kr, nil)
	require.NoError(t, openErr)

	got, readErr := io.ReadAll(stream)
	// The transport error has to reach the caller rather than being swallowed.
	requireErrSuffix(t, readErr, errAtEOF.Error())

	// The bytes handed out were still authenticated, so despite the error
	// they must compare equal to the original input.
	require.Equal(t, want, got)
}
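// TestDecryptNoKey verifies that SigncryptOpen rejects a message when the
// keyring holds no key for it: the call must fail with ErrNoDecryptionKey and
// must return neither a sender key nor any plaintext.
func TestDecryptNoKey(t *testing.T) {
	plaintext := randomMsg(t, 128)
	keyring, receiverBoxKeys := makeKeyringWithOneKey(t)
	senderSigningPrivKey := makeSigningKey(t, keyring)
	sealed, err := SigncryptSeal(plaintext, ephemeralKeyCreator{}, senderSigningPrivKey, receiverBoxKeys, nil)
	require.NoError(t, err)

	// Open with an empty keyring.
	emptyKeyring := makeEmptyKeyring(t)
	sender, msg, openErr := SigncryptOpen(sealed, emptyKeyring, nil)

	// require.Equal takes (expected, actual); keeping that order makes a
	// failure report label the two values correctly.
	require.Equal(t, ErrNoDecryptionKey, openErr)

	// On failure nothing may leak out: no sender identity, no message bytes.
	require.Nil(t, sender)
	require.Empty(t, msg)
}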
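// TestDecryptNoSender verifies that SigncryptOpen fails closed when the
// recipient can decrypt a message but does not have the sender's signing key:
// it must return ErrNoSenderKey naming the sender's KID and release no
// plaintext. Once the signing key is added to the keyring, the same message
// must open and report the expected sender.
func TestDecryptNoSender(t *testing.T) {
	plaintext := randomMsg(t, 128)
	aliceSigningPrivKey := makeSigningSecretKey(t)

	// Bob's keyring starts with his box key only.
	bobKeyring := makeEmptyKeyring(t)
	bobBoxKey, createErr := createEphemeralKey(false)
	require.NoError(t, createErr)
	bobKeyring.insert(bobBoxKey)

	sealed, err := SigncryptSeal(plaintext, ephemeralKeyCreator{}, aliceSigningPrivKey, []BoxPublicKey{bobBoxKey.GetPublicKey()}, nil)
	require.NoError(t, err)

	// Open with only the (receiver) key in the keyring, not the sender's.
	sender, msg, openErr := SigncryptOpen(sealed, bobKeyring, nil)
	// require.Equal takes (expected, actual); keeping that order makes a
	// failure report label the two values correctly.
	require.Equal(t, ErrNoSenderKey{Sender: aliceSigningPrivKey.GetPublicKey().ToKID()}, openErr)
	// Without the sender's key, neither a sender identity nor any message
	// bytes may be returned.
	require.Nil(t, sender)
	require.Empty(t, msg)

	// Add the signing key and try to open again.
	bobKeyring.insertSigningKey(aliceSigningPrivKey)
	sender2, msg2, openErr2 := SigncryptOpen(sealed, bobKeyring, nil)
	require.NoError(t, openErr2)
	require.Equal(t, plaintext, msg2)
	// Guard the ToKID call below so a missing sender fails the test with a
	// clear message instead of a nil dereference.
	require.NotNil(t, sender2)
	require.Equal(t, aliceSigningPrivKey.GetPublicKey().ToKID(), sender2.ToKID())
}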