From 8af460ba61eafa81cca238e9cbb3c277ce990d5d Mon Sep 17 00:00:00 2001
From: Aron Wussler
Date: Mon, 13 May 2019 14:06:54 +0000
Subject: [PATCH] Create key.go unit tests
---
 crypto/attachment_test.go | 1 -
 crypto/base_test.go | 15 ++++
 crypto/key.go | 7 +-
 crypto/key_test.go | 147 ++++++++++++++++++++++++++++++++------
 crypto/keyring_test.go | 8 ---
 crypto/mime_test.go | 3 -
 6 files changed, 144 insertions(+), 37 deletions(-)
 create mode 100644 crypto/base_test.go
diff --git a/crypto/attachment_test.go b/crypto/attachment_test.go
index b6ea821..599b054 100644
--- a/crypto/attachment_test.go
+++ b/crypto/attachment_test.go
@@ -50,7 +50,6 @@ func TestAttachmentSetKey(t *testing.T) {
 }
 func TestAttachnentEncryptDecrypt(t *testing.T) {
- var pmCrypto = PmCrypto{}
 var testAttachmentCleartext = "cc,\ndille."
 encSplit, err := pmCrypto.EncryptAttachment([]byte(testAttachmentCleartext), "s.txt", testPrivateKeyRing)
diff --git a/crypto/base_test.go b/crypto/base_test.go
new file mode 100644
index 0000000..5fb17fb
--- /dev/null
+++ b/crypto/base_test.go
@@ -0,0 +1,15 @@
+package crypto
+
+import (
+ "io/ioutil"
+)
+
+var err error
+
+func readTestFile(name string) string {
+ data, err := ioutil.ReadFile("testdata/" + name)
+ if err != nil {
+ panic(err)
+ }
+ return string(data)
+}
diff --git a/crypto/key.go b/crypto/key.go
index 40c357d..dca4d9a 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -480,13 +480,10 @@ func (pm *PmCrypto) CheckKey(pubKey string) (string, error) {
 for _, e := range entries {
 for _, subKey := range e.Subkeys {
 if !subKey.Sig.FlagsValid || subKey.Sig.FlagEncryptStorage || subKey.Sig.FlagEncryptCommunications {
-
- println("SubKey:" + hex.EncodeToString(subKey.PublicKey.Fingerprint[:]))
-
+ fmt.Println("SubKey:" + hex.EncodeToString(subKey.PublicKey.Fingerprint[:]))
 }
 }
- println("PrimaryKey:" + hex.EncodeToString(e.PrimaryKey.Fingerprint[:]))
-
+ fmt.Println("PrimaryKey:" + hex.EncodeToString(e.PrimaryKey.Fingerprint[:]))
 }
 return "", nil
 }
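Review bot: In crypto/base_test.go the package-level `var err error` gives every test in the package one shared, mutable error variable, and `readTestFile` immediately shadows it with `data, err := ioutil.ReadFile(...)`, so it is easy to misread which `err` a given line touches. Tests that assign to the shared variable cannot safely run in parallel and can pick up a stale value left by an earlier test. I would drop the global and declare `var err error` as the first line of each test that needs it. As a smaller point, `"testdata/" + name` reads better as `filepath.Join("testdata", name)`.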
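Review bot: In crypto/key.go, CheckKey now writes the fingerprints to the process's standard output with `fmt.Println` and still ends in `return "", nil`, so a caller of this library function gets nothing back and cannot suppress or redirect what is printed. Since the signature already returns a string, I would collect the lines in a `strings.Builder`, e.g. `fmt.Fprintln(&out, "PrimaryKey:"+hex.EncodeToString(e.PrimaryKey.Fingerprint[:]))`, and finish with `return out.String(), nil`; the example test could then compare the returned value instead of captured output. The hunk does not show key.go's import block, so confirm `fmt` is imported there. CheckKey begins above the hunk, so the parsing of `pubKey` and any error path are not visible here.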
diff --git a/crypto/key_test.go b/crypto/key_test.go
index 18aa4d8..b0d3803 100644
--- a/crypto/key_test.go
+++ b/crypto/key_test.go
@@ -2,37 +2,144 @@ package crypto
 import (
 "github.com/stretchr/testify/assert"
- // "encoding/base64"
+ "encoding/base64"
 "regexp"
+ "strings"
 "testing"
 )
 const name = "richard.stallman"
-const domain = "gnu.org"
-const passphrase = "I love GNU"
+const domain = "protonmail.ch"
-var rsaKey, ecKey string
+var passphrase = "I love GNU"
+var rsaKey, ecKey, rsaPublicKey, ecPublicKey string
-func TestGenerateRsaKey(t *testing.T) {
- var pmCrypto = PmCrypto{}
- var err error
- rsaKey, err = pmCrypto.generateKey(name, domain, passphrase, "RSA", 1024, nil, nil, nil, nil)
+var (
+ rsaPrivateKeyRing *KeyRing
+ ecPrivateKeyRing *KeyRing
+ rsaPublicKeyRing *KeyRing
+ ecPublicKeyRing *KeyRing
+)
+
+func TestGenerateKeys(t *testing.T) {
+ rsaKey, err = pmCrypto.GenerateKey(name, domain, passphrase, "rsa", 1024)
 if err != nil {
- t.Fatal("Cannot encrypt token:", err)
+ t.Fatal("Cannot generate RSA key:", err)
+ }
+
+ ecKey, err = pmCrypto.GenerateKey(name, domain, passphrase, "x25519", 256)
+ if err != nil {
+ t.Fatal("Cannot generate EC key:", err)
 }
 rTest := regexp.MustCompile("(?s)^-----BEGIN PGP PRIVATE KEY BLOCK-----.*-----END PGP PRIVATE KEY BLOCK-----$")
 assert.Regexp(t, rTest, rsaKey)
-}
-
-func TestGenerateECKey(t *testing.T) {
- var pmCrypto = PmCrypto{}
- var err error
- ecKey, err = pmCrypto.generateKey(name, domain, passphrase, "x25519", 1024, nil, nil, nil, nil)
- if err != nil {
- t.Fatal("Cannot encrypt token:", err)
- }
-
- rTest := regexp.MustCompile("(?s)^-----BEGIN PGP PRIVATE KEY BLOCK-----.*-----END PGP PRIVATE KEY BLOCK-----$")
 assert.Regexp(t, rTest, ecKey)
 }
+
+func TestGenerateKeyRings(t *testing.T) {
+ rsaPrivateKeyRing, err = ReadArmoredKeyRing(strings.NewReader(rsaKey));
+ if err != nil {
+ t.Fatal("Cannot read RSA key:", err)
+ }
+
+ rsaPublicKey, err = rsaPrivateKeyRing.ArmoredPublicKeyString()
+ if err != nil {
+ t.Fatal("Cannot extract RSA public key:", err)
+ }
+
+ rsaPublicKeyRing, err = ReadArmoredKeyRing(strings.NewReader(rsaPublicKey));
+ if err != nil {
+ t.Fatal("Cannot read RSA public key:", err)
+ }
+
+ err = rsaPrivateKeyRing.Unlock([]byte(passphrase))
+ if err != nil {
+ t.Fatal("Cannot decrypt RSA key:", err)
+ }
+
+ ecPrivateKeyRing, err = ReadArmoredKeyRing(strings.NewReader(ecKey));
+ if err != nil {
+ t.Fatal("Cannot read EC key:", err)
+ }
+
+ ecPublicKey, err = ecPrivateKeyRing.ArmoredPublicKeyString()
+ if err != nil {
+ t.Fatal("Cannot extract EC public key:", err)
+ }
+
+ ecPublicKeyRing, err = ReadArmoredKeyRing(strings.NewReader(ecPublicKey));
+ if err != nil {
+ t.Fatal("Cannot read EC public key:", err)
+ }
+
+ err = ecPrivateKeyRing.Unlock([]byte(passphrase))
+ if err != nil {
+ t.Fatal("Cannot decrypt EC key:", err)
+ }
+}
+
+func TestEncryptDecryptKeys(t *testing.T) {
+ var pass, _ = base64.StdEncoding.DecodeString("H2CAwzpdexjxXucVYMERDiAc/td8aGPrr6ZhfMnZlLI=")
+ var testSymmetricKey = &SymmetricKey{
+ Key: pass,
+ Algo: "aes256",
+ }
+
+ packet, err := SetKey(rsaPublicKeyRing, testSymmetricKey)
+ if err != nil {
+ t.Fatal("Cannot encrypt keypacket with RSA keyring", err)
+ }
+ rsaTestSymmetricKey, err := DecryptAttKey(rsaPrivateKeyRing, packet)
+ if err != nil {
+ t.Fatal("Cannot decrypt keypacket with RSA keyring", err)
+ }
+ assert.Exactly(t, testSymmetricKey, rsaTestSymmetricKey)
+
+ packet, err = SetKey(ecPublicKeyRing, testSymmetricKey)
+ if err != nil {
+ t.Fatal("Cannot encrypt keypacket with EC keyring", err)
+ }
+ ecTestSymmetricKey, err := DecryptAttKey(ecPrivateKeyRing, packet)
+ if err != nil {
+ t.Fatal("Cannot decrypt keypacket with EC keyring", err)
+ }
+ assert.Exactly(t, testSymmetricKey, ecTestSymmetricKey)
+}
+
+func TestUpdatePrivateKeysPassphrase(t *testing.T) {
+ newPassphrase := "I like GNU"
+ rsaKey, err = pmCrypto.UpdatePrivateKeyPassphrase(rsaKey, passphrase, newPassphrase)
+ if err != nil {
+ t.Fatal("Error in changing RSA key's passphrase:", err)
+ }
+
+ ecKey, err = pmCrypto.UpdatePrivateKeyPassphrase(ecKey, passphrase, newPassphrase)
+ if err != nil {
+ t.Fatal("Error in changing EC key's passphrase:", err)
+ }
+
+ passphrase = newPassphrase
+}
+
+func ExampleCheckKeys() {
+ pmCrypto.CheckKey(readTestFile("keyring_publicKey"))
+ // Output:
+ // SubKey:37e4bcf09b36e34012d10c0247dc67b5cb8267f6
+ // PrimaryKey:6e8ba229b0cccaf6962f97953eb6259edf21df24
+}
+
+func TestIsKeyExpired(t *testing.T) {
+ rsaRes, err := pmCrypto.IsKeyExpired(rsaPublicKey)
+ if err != nil {
+ t.Fatal("Error in checking expiration of RSA key:", err)
+ }
+
+ ecRes, err := pmCrypto.IsKeyExpired(ecPublicKey)
+ if err != nil {
+ t.Fatal("Error in checking expiration of EC key:", err)
+ }
+
+ assert.Exactly(t, false, rsaRes)
+ assert.Exactly(t, false, ecRes)
+}
diff --git a/crypto/keyring_test.go b/crypto/keyring_test.go
index d55234e..9dac9e2 100644
--- a/crypto/keyring_test.go
+++ b/crypto/keyring_test.go
@@ -34,14 +34,6 @@ var testIdentity = &Identity{
 Email: "",
 }
-func readTestFile(name string) string {
- data, err := ioutil.ReadFile("testdata/" + name)
- if err != nil {
- panic(err)
- }
- return string(data)
-}
-
 func init() {
 var err error
 if testPrivateKeyRing, err = ReadArmoredKeyRing(strings.NewReader(readTestFile("keyring_privateKey"))); err != nil {
diff --git a/crypto/mime_test.go b/crypto/mime_test.go
index 2ebeeaa..4ba0519 100644
--- a/crypto/mime_test.go
+++ b/crypto/mime_test.go
@@ -36,7 +36,6 @@ func (t Callbacks) OnError(err error) {
 }
 func TestDecrypt(t *testing.T) {
- var pmCrypto = PmCrypto{}
 callbacks := Callbacks{
 Testing: t,
 }
@@ -65,8 +64,6 @@ func TestDecrypt(t *testing.T) {
 }
 func TestParse(t *testing.T) {
- var pmCrypto = PmCrypto{}
-
 body, _, atts, attHeaders, err := pmCrypto.parseMIME(readTestFile("mime_testMessage"), nil)
 if err != nil {
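Review bot: In crypto/key_test.go, TestUpdatePrivateKeysPassphrase only checks that `UpdatePrivateKeyPassphrase` returns no error; it never confirms that the returned armored key actually unlocks with `newPassphrase`, so a regression that returns the key unchanged or re-encrypted under the wrong secret would still pass. I would re-read both returned keys and unlock them with the new passphrase, as sketched below; if `Unlock` reports an error for a wrong passphrase (not visible in this patch), also assert that the old passphrase no longer works. Separately, the tests in this hunk depend on running in file order through package-level variables (TestEncryptDecryptKeys uses the key rings that TestGenerateKeyRings assigns), so running one of them alone with `-run` would presumably start from nil key rings; a shared setup helper would remove that coupling.

```go
func TestUpdatePrivateKeysPassphrase(t *testing.T) {
	newPassphrase := "I like GNU"
	// … unchanged: UpdatePrivateKeyPassphrase calls for rsaKey and ecKey …

	// Confirm the re-encrypted keys are usable with the new passphrase.
	for _, armored := range []string{rsaKey, ecKey} {
		ring, err := ReadArmoredKeyRing(strings.NewReader(armored))
		if err != nil {
			t.Fatal("Cannot read key after passphrase change:", err)
		}
		if err := ring.Unlock([]byte(newPassphrase)); err != nil {
			t.Fatal("New passphrase does not unlock key:", err)
		}
	}

	passphrase = newPassphrase
}
```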