135 lines
3.0 KiB
Go
135 lines
3.0 KiB
Go
package cryptography
|
|
|
|
import (
|
|
"bytes"
|
|
"testing"
|
|
)
|
|
|
|
func TestBoxEncryptDecrypt(t *testing.T) {
|
|
bk, err := GenerateBoxKey()
|
|
if err != nil {
|
|
t.Fatalf("GenerateBoxKey: %v", err)
|
|
}
|
|
|
|
plain := []byte("necropolis secure message")
|
|
cipher, err := EncryptMessage(plain, bk.PublicKey)
|
|
if err != nil {
|
|
t.Fatalf("EncryptMessage: %v", err)
|
|
}
|
|
|
|
got, err := DecryptMessage(cipher, bk)
|
|
if err != nil {
|
|
t.Fatalf("DecryptMessage: %v", err)
|
|
}
|
|
if !bytes.Equal(got, plain) {
|
|
t.Fatalf("roundtrip mismatch: got %q, want %q", got, plain)
|
|
}
|
|
|
|
if len(cipher) > 0 {
|
|
cipher[0] ^= 0x01
|
|
}
|
|
_, err = DecryptMessage(cipher, bk)
|
|
if err == nil {
|
|
t.Fatal("expected error on tampered ciphertext, got nil")
|
|
}
|
|
}
|
|
|
|
func TestSignVerify(t *testing.T) {
|
|
op, err := GenerateOperatorKey()
|
|
if err != nil {
|
|
t.Fatalf("GenerateOperatorKey: %v", err)
|
|
}
|
|
|
|
data := []byte("necropolis command")
|
|
sig, err := op.PrivateKey.Sign(data)
|
|
if err != nil {
|
|
t.Fatalf("Sign: %v", err)
|
|
}
|
|
|
|
ok, err := Verify(op.PublicKey, data, sig)
|
|
if err != nil {
|
|
t.Fatalf("Verify: %v", err)
|
|
}
|
|
if !ok {
|
|
t.Fatal("signature verification failed")
|
|
}
|
|
|
|
data[0] ^= 0x01
|
|
ok, err = Verify(op.PublicKey, data, sig)
|
|
if err != nil {
|
|
t.Fatalf("Verify tampered: %v", err)
|
|
}
|
|
if ok {
|
|
t.Fatal("expected verification failure on tampered data")
|
|
}
|
|
}
|
|
|
|
func TestBoxKeyPersistenceRoundtrip(t *testing.T) {
|
|
orig, err := GenerateBoxKey()
|
|
if err != nil {
|
|
t.Fatalf("GenerateBoxKey: %v", err)
|
|
}
|
|
|
|
privBytes := orig.Marshal()
|
|
if len(privBytes) != 32 {
|
|
t.Fatalf("Marshal returned %d bytes, want 32", len(privBytes))
|
|
}
|
|
|
|
pubBytes := orig.BoxPubKeyBytes()
|
|
if len(pubBytes) != 32 {
|
|
t.Fatalf("BoxPubKeyBytes returned %d bytes, want 32", len(pubBytes))
|
|
}
|
|
|
|
reloaded := LoadBoxKey(privBytes)
|
|
if reloaded == nil {
|
|
t.Fatal("LoadBoxKey returned nil")
|
|
}
|
|
|
|
if !bytes.Equal(reloaded.PublicKey[:], pubBytes) {
|
|
t.Fatal("reloaded public key does not match original public key")
|
|
}
|
|
|
|
plain := []byte("necropolis beacon payload")
|
|
cipher, err := EncryptMessage(plain, reloaded.PublicKey)
|
|
if err != nil {
|
|
t.Fatalf("EncryptMessage with reloaded pub: %v", err)
|
|
}
|
|
|
|
got, err := DecryptMessage(cipher, reloaded)
|
|
if err != nil {
|
|
t.Fatalf("DecryptMessage with reloaded keys: %v", err)
|
|
}
|
|
if !bytes.Equal(got, plain) {
|
|
t.Fatalf("reloaded roundtrip mismatch: got %q, want %q", got, plain)
|
|
}
|
|
|
|
got2, err := DecryptMessage(cipher, orig)
|
|
if err != nil {
|
|
t.Fatalf("DecryptMessage with original keys: %v", err)
|
|
}
|
|
if !bytes.Equal(got2, plain) {
|
|
t.Fatalf("original roundtrip mismatch: got %q, want %q", got2, plain)
|
|
}
|
|
}
|
|
|
|
func TestKeyPersistence(t *testing.T) {
|
|
orig, err := GenerateOperatorKey()
|
|
if err != nil {
|
|
t.Fatalf("GenerateOperatorKey: %v", err)
|
|
}
|
|
|
|
marshaled, err := MarshalPrivateKey(orig.PrivateKey)
|
|
if err != nil {
|
|
t.Fatalf("MarshalPrivateKey: %v", err)
|
|
}
|
|
|
|
loaded, err := LoadPrivateKey(marshaled)
|
|
if err != nil {
|
|
t.Fatalf("LoadPrivateKey: %v", err)
|
|
}
|
|
|
|
if !orig.PublicKey.Equals(loaded.GetPublic()) {
|
|
t.Fatal("public key mismatch after marshal roundtrip")
|
|
}
|
|
}
|