2019-05-14 15:39:35 +02:00
|
|
|
package crypto
|
|
|
|
|
|
|
|
|
|
import (
|
2019-08-29 17:45:13 +02:00
|
|
|
"bytes"
|
2019-06-03 17:00:01 +02:00
|
|
|
"encoding/base64"
|
2019-05-14 15:39:35 +02:00
|
|
|
"testing"
|
2020-07-02 15:55:11 +07:00
|
|
|
"time"
|
2019-06-03 17:00:01 +02:00
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2019-08-29 17:45:13 +02:00
|
|
|
"golang.org/x/crypto/openpgp/packet"
|
2019-05-14 15:39:35 +02:00
|
|
|
)
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
func TestTextMessageEncryptionWithPassword(t *testing.T) {
|
2019-06-03 17:00:01 +02:00
|
|
|
var message = NewPlainMessageFromString("The secret code is... 1, 2, 3, 4, 5")
|
2019-05-14 15:39:35 +02:00
|
|
|
|
2019-06-03 17:00:01 +02:00
|
|
|
// Encrypt data with password
|
2019-12-27 19:35:43 +01:00
|
|
|
encrypted, err := EncryptMessageWithPassword(message, testSymmetricKey)
|
2019-06-03 17:00:01 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when encrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
// Decrypt data with wrong password
|
2019-12-27 19:35:43 +01:00
|
|
|
_, err = DecryptMessageWithPassword(encrypted, []byte("Wrong password"))
|
2019-06-03 17:00:01 +02:00
|
|
|
assert.NotNil(t, err)
|
|
|
|
|
|
|
|
|
|
// Decrypt data with the good password
|
2019-12-27 19:35:43 +01:00
|
|
|
decrypted, err := DecryptMessageWithPassword(encrypted, testSymmetricKey)
|
2019-06-03 17:00:01 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when decrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
assert.Exactly(t, message.GetString(), decrypted.GetString())
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
func TestBinaryMessageEncryptionWithPassword(t *testing.T) {
|
2019-06-03 17:00:01 +02:00
|
|
|
binData, _ := base64.StdEncoding.DecodeString("ExXmnSiQ2QCey20YLH6qlLhkY3xnIBC1AwlIXwK/HvY=")
|
|
|
|
|
var message = NewPlainMessage(binData)
|
2019-05-14 15:39:35 +02:00
|
|
|
|
|
|
|
|
// Encrypt data with password
|
2019-12-27 19:35:43 +01:00
|
|
|
encrypted, err := EncryptMessageWithPassword(message, testSymmetricKey)
|
2019-05-14 15:39:35 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when encrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
// Decrypt data with wrong password
|
2019-12-27 19:35:43 +01:00
|
|
|
_, err = DecryptMessageWithPassword(encrypted, []byte("Wrong password"))
|
2019-05-14 15:39:35 +02:00
|
|
|
assert.NotNil(t, err)
|
2019-06-03 17:00:01 +02:00
|
|
|
|
2019-05-14 15:39:35 +02:00
|
|
|
// Decrypt data with the good password
|
2019-12-27 19:35:43 +01:00
|
|
|
decrypted, err := DecryptMessageWithPassword(encrypted, testSymmetricKey)
|
2019-05-14 15:39:35 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when decrypting, got:", err)
|
|
|
|
|
}
|
2019-06-03 17:00:01 +02:00
|
|
|
assert.Exactly(t, message, decrypted)
|
2019-05-14 15:39:35 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-03 17:00:01 +02:00
|
|
|
func TestTextMessageEncryption(t *testing.T) {
|
|
|
|
|
var message = NewPlainMessageFromString("plain text")
|
2019-05-14 15:39:35 +02:00
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
ciphertext, err := keyRingTestPublic.Encrypt(message, keyRingTestPrivate)
|
2019-06-03 17:00:01 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when encrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
decrypted, err := keyRingTestPrivate.Decrypt(ciphertext, keyRingTestPublic, GetUnixTime())
|
2019-06-03 17:00:01 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when decrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
assert.Exactly(t, message.GetString(), decrypted.GetString())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestBinaryMessageEncryption(t *testing.T) {
|
|
|
|
|
binData, _ := base64.StdEncoding.DecodeString("ExXmnSiQ2QCey20YLH6qlLhkY3xnIBC1AwlIXwK/HvY=")
|
|
|
|
|
var message = NewPlainMessage(binData)
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
ciphertext, err := keyRingTestPublic.Encrypt(message, keyRingTestPrivate)
|
2019-05-14 15:39:35 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when encrypting, got:", err)
|
|
|
|
|
}
|
2019-06-03 17:00:01 +02:00
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
decrypted, err := keyRingTestPrivate.Decrypt(ciphertext, keyRingTestPublic, GetUnixTime())
|
2019-05-14 15:39:35 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when decrypting, got:", err)
|
|
|
|
|
}
|
2019-06-03 17:00:01 +02:00
|
|
|
assert.Exactly(t, message.GetBinary(), decrypted.GetBinary())
|
2019-08-29 17:45:13 +02:00
|
|
|
|
|
|
|
|
// Decrypt without verifying
|
2019-12-27 19:35:43 +01:00
|
|
|
decrypted, err = keyRingTestPrivate.Decrypt(ciphertext, nil, 0)
|
2019-08-29 17:45:13 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when decrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
assert.Exactly(t, message.GetString(), decrypted.GetString())
|
2019-05-14 15:39:35 +02:00
|
|
|
}
|
2019-06-04 18:10:31 +02:00
|
|
|
|
|
|
|
|
func TestIssue11(t *testing.T) {
|
2019-12-27 19:35:43 +01:00
|
|
|
var issue11Password = []byte("1234")
|
|
|
|
|
|
|
|
|
|
issue11Key, err := NewKeyFromArmored(readTestFile("issue11_privatekey", false))
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error while unarmoring private keyring, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
issue11Key, err = issue11Key.Unlock(issue11Password)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error while unlocking private key, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
issue11Keyring, err := NewKeyRing(issue11Key)
|
2019-06-04 18:10:31 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error while bulding private keyring, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
senderKey, err := NewKeyFromArmored(readTestFile("issue11_publickey", false))
|
2019-06-04 18:10:31 +02:00
|
|
|
if err != nil {
|
2019-12-27 19:35:43 +01:00
|
|
|
t.Fatal("Expected no error while unarmoring public keyring, got:", err)
|
2019-06-04 18:10:31 +02:00
|
|
|
}
|
2019-12-27 19:35:43 +01:00
|
|
|
assert.Exactly(t, "643b3595e6ee4fdf", senderKey.GetHexKeyID())
|
2019-06-04 18:10:31 +02:00
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
senderKeyring, err := NewKeyRing(senderKey)
|
2019-06-04 18:10:31 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error while building public keyring, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pgpMessage, err := NewPGPMessageFromArmored(readTestFile("issue11_message", false))
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error while unlocking private keyring, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
plainMessage, err := issue11Keyring.Decrypt(pgpMessage, senderKeyring, 0)
|
2019-06-04 18:10:31 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error while decrypting/verifying, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
assert.Exactly(t, "message from sender", plainMessage.GetString())
|
|
|
|
|
}
|
2019-08-29 17:45:13 +02:00
|
|
|
|
|
|
|
|
func TestSignedMessageDecryption(t *testing.T) {
|
|
|
|
|
pgpMessage, err := NewPGPMessageFromArmored(readTestFile("message_signed", false))
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when unarmoring, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
decrypted, err := keyRingTestPrivate.Decrypt(pgpMessage, nil, 0)
|
2019-08-29 17:45:13 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when decrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
assert.Exactly(t, readTestFile("message_plaintext", true), decrypted.GetString())
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 13:45:59 +02:00
|
|
|
func TestSHA256SignedMessageDecryption(t *testing.T) {
|
|
|
|
|
pgpMessage, err := NewPGPMessageFromArmored(readTestFile("message_sha256_signed", false))
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when unarmoring, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
decrypted, err := keyRingTestPrivate.Decrypt(pgpMessage, keyRingTestPrivate, 0)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when decrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
assert.Exactly(t, readTestFile("message_plaintext", true), decrypted.GetString())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestSHA1SignedMessageDecryption(t *testing.T) {
|
|
|
|
|
pgpMessage, err := NewPGPMessageFromArmored(readTestFile("message_sha1_signed", false))
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when unarmoring, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
decrypted, err := keyRingTestPrivate.Decrypt(pgpMessage, keyRingTestPrivate, 0)
|
|
|
|
|
if err == nil {
|
|
|
|
|
t.Fatal("Expected verification error when decrypting")
|
|
|
|
|
}
|
|
|
|
|
if err.Error() != "Signature Verification Error: Insecure signature" {
|
|
|
|
|
t.Fatal("Expected verification error when decrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
assert.Exactly(t, readTestFile("message_plaintext", true), decrypted.GetString())
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-29 17:45:13 +02:00
|
|
|
func TestMultipleKeyMessageEncryption(t *testing.T) {
|
|
|
|
|
var message = NewPlainMessageFromString("plain text")
|
2019-12-27 19:35:43 +01:00
|
|
|
assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
|
2019-08-29 17:45:13 +02:00
|
|
|
|
2019-12-27 19:35:43 +01:00
|
|
|
ciphertext, err := keyRingTestMultiple.Encrypt(message, keyRingTestPrivate)
|
2019-08-29 17:45:13 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when encrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-05 22:16:38 +01:00
|
|
|
// Test that ciphertext data contains three Encrypted Key Packets (tag 1)
|
|
|
|
|
// followed by a single symmetrically encrypted data packet (tag 18)
|
|
|
|
|
var p packet.Packet
|
2019-08-29 17:45:13 +02:00
|
|
|
packets := packet.NewReader(bytes.NewReader(ciphertext.Data))
|
2020-03-05 22:16:38 +01:00
|
|
|
for i := 0; i < 3; i++ {
|
|
|
|
|
if p, err = packets.Next(); err != nil {
|
|
|
|
|
t.Fatal(err.Error())
|
2019-08-29 17:45:13 +02:00
|
|
|
}
|
2020-03-05 22:16:38 +01:00
|
|
|
if _, ok := p.(*packet.EncryptedKey); !ok {
|
|
|
|
|
t.Fatalf("Expected Encrypted Key packet, got %T", p)
|
2019-08-29 17:45:13 +02:00
|
|
|
}
|
|
|
|
|
}
|
2020-03-05 22:16:38 +01:00
|
|
|
if p, err = packets.Next(); err != nil {
|
|
|
|
|
t.Fatal(err.Error())
|
|
|
|
|
}
|
|
|
|
|
if _, ok := p.(*packet.SymmetricallyEncrypted); !ok {
|
|
|
|
|
t.Fatalf("Expected Symmetrically Encrypted Data packet, got %T", p)
|
|
|
|
|
}
|
2019-08-29 17:45:13 +02:00
|
|
|
|
2020-03-05 22:16:38 +01:00
|
|
|
// Decrypt message and verify correctness
|
2019-12-27 19:35:43 +01:00
|
|
|
decrypted, err := keyRingTestPrivate.Decrypt(ciphertext, keyRingTestPublic, GetUnixTime())
|
2019-08-29 17:45:13 +02:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when decrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
assert.Exactly(t, message.GetString(), decrypted.GetString())
|
|
|
|
|
}
|
2020-05-06 18:50:18 +02:00
|
|
|
|
2020-07-02 15:55:11 +07:00
|
|
|
func TestMessagegetGetEncryptionKeyIDs(t *testing.T) {
|
|
|
|
|
var message = NewPlainMessageFromString("plain text")
|
|
|
|
|
assert.Exactly(t, 3, len(keyRingTestMultiple.entities))
|
|
|
|
|
|
|
|
|
|
ciphertext, err := keyRingTestMultiple.Encrypt(message, keyRingTestPrivate)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when encrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
ids, ok := ciphertext.getEncryptionKeyIDs()
|
|
|
|
|
assert.Exactly(t, 3, len(ids))
|
|
|
|
|
assert.True(t, ok)
|
|
|
|
|
encKey, ok := keyRingTestMultiple.entities[0].EncryptionKey(time.Now())
|
|
|
|
|
assert.True(t, ok)
|
|
|
|
|
assert.Exactly(t, encKey.PublicKey.KeyId, ids[0])
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-06 18:50:18 +02:00
|
|
|
func TestMessageGetArmoredWithCustomHeaders(t *testing.T) {
|
|
|
|
|
var message = NewPlainMessageFromString("plain text")
|
|
|
|
|
|
|
|
|
|
ciphertext, err := keyRingTestPublic.Encrypt(message, keyRingTestPrivate)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when encrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
comment := "User-defined comment"
|
|
|
|
|
version := "User-defined version"
|
|
|
|
|
armored, err := ciphertext.GetArmoredWithCustomHeaders(comment, version)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Could not armor the ciphertext:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
assert.Contains(t, armored, "Comment: "+comment)
|
|
|
|
|
assert.Contains(t, armored, "Version: "+version)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestMessageGetArmoredWithEmptyHeaders(t *testing.T) {
|
|
|
|
|
var message = NewPlainMessageFromString("plain text")
|
|
|
|
|
|
|
|
|
|
ciphertext, err := keyRingTestPublic.Encrypt(message, keyRingTestPrivate)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Expected no error when encrypting, got:", err)
|
|
|
|
|
}
|
|
|
|
|
comment := ""
|
|
|
|
|
version := ""
|
|
|
|
|
armored, err := ciphertext.GetArmoredWithCustomHeaders(comment, version)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("Could not armor the ciphertext:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
assert.NotContains(t, armored, "Version")
|
|
|
|
|
assert.NotContains(t, armored, "Comment")
|
|
|
|
|
}
|
