passforios-gopenpgp/crypto/sessionkey_test.go

package crypto

import (
	"testing"

	"github.com/ProtonMail/gopenpgp/v2/constants"
	"github.com/stretchr/testify/assert"
)

var testSessionKey *SessionKey

func init() {
	var err error
	testSessionKey, err = GenerateSessionKey()
	if err != nil {
		panic("Expected no error while generating random session key with default algorithm, got:" + err.Error())
	}
}

func TestRandomToken(t *testing.T) {
	token40, err := RandomToken(40)
	if err != nil {
		t.Fatal("Expected no error while generating random token, got:", err)
	}
	assert.Len(t, token40, 40)
}

func TestGenerateSessionKey(t *testing.T) {
	assert.Len(t, testSessionKey.Key, 32)
}

func TestAsymmetricKeyPacket(t *testing.T) {
	keyPacket, err := keyRingTestPublic.EncryptSessionKey(testSessionKey)
	if err != nil {
		t.Fatal("Expected no error while generating key packet, got:", err)
	}

	// Password defined in keyring_test
	outputSymmetricKey, err := keyRingTestPrivate.DecryptSessionKey(keyPacket)
	if err != nil {
		t.Fatal("Expected no error while decrypting key packet, got:", err)
	}

	assert.Exactly(t, testSessionKey, outputSymmetricKey)
}

func TestMultipleAsymmetricKeyPacket(t *testing.T) {
	keyPacket, err := keyRingTestMultiple.EncryptSessionKey(testSessionKey)
	if err != nil {
		t.Fatal("Expected no error while generating key packet, got:", err)
	}

	// Password defined in keyring_test
	outputSymmetricKey, err := keyRingTestMultiple.DecryptSessionKey(keyPacket)
	if err != nil {
		t.Fatal("Expected no error while decrypting key packet, got:", err)
	}

	assert.Exactly(t, testSessionKey, outputSymmetricKey)
}

func TestSymmetricKeyPacket(t *testing.T) {
	password := []byte("I like encryption")

	keyPacket, err := EncryptSessionKeyWithPassword(testSessionKey, password)
	if err != nil {
		t.Fatal("Expected no error while generating key packet, got:", err)
	}

	wrongSymmetricKey, err := DecryptSessionKeyWithPassword(keyPacket, []byte("Wrong password"))
	if err != nil {
		assert.EqualError(t, err, "gopenpgp: unable to decrypt any packet")
	} else {
		assert.NotEqual(t, testSessionKey, wrongSymmetricKey)
	}

	outputSymmetricKey, err := DecryptSessionKeyWithPassword(keyPacket, password)
	if err != nil {
		t.Fatal("Expected no error while decrypting key packet, got:", err)
	}
	assert.Exactly(t, testSessionKey, outputSymmetricKey)
}

func TestDataPacketEncryption(t *testing.T) {
	var message = NewPlainMessageFromString("The secret code is... 1, 2, 3, 4, 5")

	// Encrypt data with session key
	dataPacket, err := testSessionKey.Encrypt(message)
	if err != nil {
		t.Fatal("Expected no error when encrypting, got:", err)
	}
	// Decrypt data with wrong session key
	wrongKey := SessionKey{
		Key:  []byte("wrong pass"),
		Algo: constants.AES256,
	}
	_, err = wrongKey.Decrypt(dataPacket)
	assert.NotNil(t, err)

	// Decrypt data with the good session key
	decrypted, err := testSessionKey.Decrypt(dataPacket)
	if err != nil {
		t.Fatal("Expected no error when decrypting, got:", err)
	}
	assert.Exactly(t, message.GetString(), decrypted.GetString())

	// Encrypt session key
	assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
	keyPacket, err := keyRingTestMultiple.EncryptSessionKey(testSessionKey)
	if err != nil {
		t.Fatal("Unable to encrypt key packet, got:", err)
	}

	// Join key packet and data packet in single message
	splitMessage := NewPGPSplitMessage(keyPacket, dataPacket)

	// Armor and un-armor message. In alternative it can also be done with NewPgpMessage(splitMessage.GetBinary())
	armored, err := splitMessage.GetArmored()
	if err != nil {
		t.Fatal("Unable to armor split message, got:", err)
	}

	pgpMessage, err := NewPGPMessageFromArmored(armored)
	if err != nil {
		t.Fatal("Unable to unarmor pgp message, got:", err)
	}
	ids, ok := pgpMessage.getEncryptionKeyIDs()
	assert.True(t, ok)
	assert.Exactly(t, 3, len(ids))

	// Test if final decryption succeeds
	finalMessage, err := keyRingTestPrivate.Decrypt(pgpMessage, nil, 0)
	if err != nil {
		t.Fatal("Unable to decrypt joined keypacket and datapacket, got:", err)
	}

	assert.Exactly(t, message.GetString(), finalMessage.GetString())
}

func TestDataPacketDecryption(t *testing.T) {
	pgpMessage, err := NewPGPMessageFromArmored(readTestFile("message_signed", false))
	if err != nil {
		t.Fatal("Expected no error when unarmoring, got:", err)
	}

	split, err := pgpMessage.SeparateKeyAndData(1024, 0)
	if err != nil {
		t.Fatal("Expected no error when splitting, got:", err)
	}

	sessionKey, err := keyRingTestPrivate.DecryptSessionKey(split.GetBinaryKeyPacket())
	if err != nil {
		t.Fatal("Expected no error when decrypting session key, got:", err)
	}

	decrypted, err := sessionKey.Decrypt(split.GetBinaryDataPacket())
	if err != nil {
		t.Fatal("Expected no error when decrypting, got:", err)
	}

	assert.Exactly(t, readTestFile("message_plaintext", true), decrypted.GetString())
}

func TestSessionKeyClear(t *testing.T) {
	testSessionKey.Clear()
	assertMemCleared(t, testSessionKey.Key)
}
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`package crypto`

			`import (`
			`"testing"`

			`"github.com/ProtonMail/gopenpgp/v2/constants"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`var testSessionKey *SessionKey`

			`func init() {`
			`var err error`
			`testSessionKey, err = GenerateSessionKey()`
			`if err != nil {`
			`panic("Expected no error while generating random session key with default algorithm, got:" + err.Error())`
			`}`
			`}`

			`func TestRandomToken(t *testing.T) {`
			`token40, err := RandomToken(40)`
			`if err != nil {`
			`t.Fatal("Expected no error while generating random token, got:", err)`
			`}`
			`assert.Len(t, token40, 40)`
			`}`

			`func TestGenerateSessionKey(t *testing.T) {`
			`assert.Len(t, testSessionKey.Key, 32)`
			`}`

			`func TestAsymmetricKeyPacket(t *testing.T) {`
			`keyPacket, err := keyRingTestPublic.EncryptSessionKey(testSessionKey)`
			`if err != nil {`
			`t.Fatal("Expected no error while generating key packet, got:", err)`
			`}`

			`// Password defined in keyring_test`
			`outputSymmetricKey, err := keyRingTestPrivate.DecryptSessionKey(keyPacket)`
			`if err != nil {`
			`t.Fatal("Expected no error while decrypting key packet, got:", err)`
			`}`

			`assert.Exactly(t, testSessionKey, outputSymmetricKey)`
			`}`

Encrypt session key to multiple keys in keyring. (#59) `EncryptSessionKey` now creates encrypted key packet for each valid key in keyring. Co-authored-by: Aron Wussler <aron@wussler.it> 2020-07-10 00:31:57 +07:00			`func TestMultipleAsymmetricKeyPacket(t *testing.T) {`
			`keyPacket, err := keyRingTestMultiple.EncryptSessionKey(testSessionKey)`
			`if err != nil {`
			`t.Fatal("Expected no error while generating key packet, got:", err)`
			`}`

			`// Password defined in keyring_test`
			`outputSymmetricKey, err := keyRingTestMultiple.DecryptSessionKey(keyPacket)`
			`if err != nil {`
			`t.Fatal("Expected no error while decrypting key packet, got:", err)`
			`}`

			`assert.Exactly(t, testSessionKey, outputSymmetricKey)`
			`}`

Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`func TestSymmetricKeyPacket(t *testing.T) {`
			`password := []byte("I like encryption")`

			`keyPacket, err := EncryptSessionKeyWithPassword(testSessionKey, password)`
			`if err != nil {`
			`t.Fatal("Expected no error while generating key packet, got:", err)`
			`}`

Fix symmetric session key test 2020-04-29 17:23:16 +02:00			`wrongSymmetricKey, err := DecryptSessionKeyWithPassword(keyPacket, []byte("Wrong password"))`
			`if err != nil {`
			`assert.EqualError(t, err, "gopenpgp: unable to decrypt any packet")`
			`} else {`
			`assert.NotEqual(t, testSessionKey, wrongSymmetricKey)`
			`}`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00
			`outputSymmetricKey, err := DecryptSessionKeyWithPassword(keyPacket, password)`
			`if err != nil {`
			`t.Fatal("Expected no error while decrypting key packet, got:", err)`
			`}`
			`assert.Exactly(t, testSessionKey, outputSymmetricKey)`
			`}`

			`func TestDataPacketEncryption(t *testing.T) {`
			`var message = NewPlainMessageFromString("The secret code is... 1, 2, 3, 4, 5")`

			`// Encrypt data with session key`
			`dataPacket, err := testSessionKey.Encrypt(message)`
			`if err != nil {`
			`t.Fatal("Expected no error when encrypting, got:", err)`
			`}`
			`// Decrypt data with wrong session key`
			`wrongKey := SessionKey{`
			`Key: []byte("wrong pass"),`
			`Algo: constants.AES256,`
			`}`
			`_, err = wrongKey.Decrypt(dataPacket)`
			`assert.NotNil(t, err)`

			`// Decrypt data with the good session key`
			`decrypted, err := testSessionKey.Decrypt(dataPacket)`
			`if err != nil {`
			`t.Fatal("Expected no error when decrypting, got:", err)`
			`}`
			`assert.Exactly(t, message.GetString(), decrypted.GetString())`

			`// Encrypt session key`
Encrypt session key to multiple keys in keyring. (#59) `EncryptSessionKey` now creates encrypted key packet for each valid key in keyring. Co-authored-by: Aron Wussler <aron@wussler.it> 2020-07-10 00:31:57 +07:00			`assert.Exactly(t, 3, len(keyRingTestMultiple.entities))`
			`keyPacket, err := keyRingTestMultiple.EncryptSessionKey(testSessionKey)`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00			`if err != nil {`
			`t.Fatal("Unable to encrypt key packet, got:", err)`
			`}`

			`// Join key packet and data packet in single message`
			`splitMessage := NewPGPSplitMessage(keyPacket, dataPacket)`

			`// Armor and un-armor message. In alternative it can also be done with NewPgpMessage(splitMessage.GetBinary())`
			`armored, err := splitMessage.GetArmored()`
			`if err != nil {`
			`t.Fatal("Unable to armor split message, got:", err)`
			`}`

			`pgpMessage, err := NewPGPMessageFromArmored(armored)`
			`if err != nil {`
			`t.Fatal("Unable to unarmor pgp message, got:", err)`
			`}`
Encrypt session key to multiple keys in keyring. (#59) `EncryptSessionKey` now creates encrypted key packet for each valid key in keyring. Co-authored-by: Aron Wussler <aron@wussler.it> 2020-07-10 00:31:57 +07:00			`ids, ok := pgpMessage.getEncryptionKeyIDs()`
			`assert.True(t, ok)`
			`assert.Exactly(t, 3, len(ids))`
Openpgp security update (V2) (#31) * Change keyring unlock functionalities * Add keyring#Lock, keyring#CheckIntegrity, tests * Update helpers, fix bugs * Update go.mod with ProtonMail/crypto commit * Change key management system * Clear keys from memory + tests * Create SessionKey with direct encryption for datapackets. Move symmetrickey to password. * Fix upstream dependencies * Update module to V2, documentation * Add linter * Add v2 folder to .gitignore * Minor changes to KeyID getters * Remove old changelog * Improve docs, remove compilation script 2019-12-27 19:35:43 +01:00
			`// Test if final decryption succeeds`
			`finalMessage, err := keyRingTestPrivate.Decrypt(pgpMessage, nil, 0)`
			`if err != nil {`
			`t.Fatal("Unable to decrypt joined keypacket and datapacket, got:", err)`
			`}`

			`assert.Exactly(t, message.GetString(), finalMessage.GetString())`
			`}`

			`func TestDataPacketDecryption(t *testing.T) {`
			`pgpMessage, err := NewPGPMessageFromArmored(readTestFile("message_signed", false))`
			`if err != nil {`
			`t.Fatal("Expected no error when unarmoring, got:", err)`
			`}`

			`split, err := pgpMessage.SeparateKeyAndData(1024, 0)`
			`if err != nil {`
			`t.Fatal("Expected no error when splitting, got:", err)`
			`}`

			`sessionKey, err := keyRingTestPrivate.DecryptSessionKey(split.GetBinaryKeyPacket())`
			`if err != nil {`
			`t.Fatal("Expected no error when decrypting session key, got:", err)`
			`}`

			`decrypted, err := sessionKey.Decrypt(split.GetBinaryDataPacket())`
			`if err != nil {`
			`t.Fatal("Expected no error when decrypting, got:", err)`
			`}`

			`assert.Exactly(t, readTestFile("message_plaintext", true), decrypted.GetString())`
			`}`

			`func TestSessionKeyClear(t *testing.T) {`
			`testSessionKey.Clear()`
			`assertMemCleared(t, testSessionKey.Key)`
			`}`