github.com/ethersphere/bee/v2@v2.2.0/pkg/accesscontrol/session_test.go

github.com/ethersphere/bee/v2@v2.2.0/pkg/accesscontrol/session_test.go (about)

     1  // Copyright 2024 The Swarm Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package accesscontrol_test
     6  
     7  import (
     8  	"bytes"
     9  	"crypto/ecdsa"
    10  	"crypto/rand"
    11  	"encoding/hex"
    12  	"fmt"
    13  	"io"
    14  	"testing"
    15  
    16  	"github.com/ethersphere/bee/v2/pkg/accesscontrol"
    17  	"github.com/ethersphere/bee/v2/pkg/accesscontrol/mock"
    18  	"github.com/ethersphere/bee/v2/pkg/crypto"
    19  	memkeystore "github.com/ethersphere/bee/v2/pkg/keystore/mem"
    20  	"github.com/stretchr/testify/assert"
    21  )
    22  
    23  func mockKeyFunc(*ecdsa.PublicKey, [][]byte) ([][]byte, error) {
    24  	return [][]byte{{1}}, nil
    25  }
    26  
    27  func TestSessionNewDefaultSession(t *testing.T) {
    28  	pk, err := crypto.GenerateSecp256k1Key()
    29  	assertNoError(t, "generating private key", err)
    30  	si := accesscontrol.NewDefaultSession(pk)
    31  	if si == nil {
    32  		assert.FailNow(t, "Session instance is nil")
    33  	}
    34  }
    35  
    36  func TestSessionNewFromKeystore(t *testing.T) {
    37  	ks := memkeystore.New()
    38  	si := mock.NewFromKeystore(ks, "tag", "password", mockKeyFunc)
    39  	if si == nil {
    40  		assert.FailNow(t, "Session instance is nil")
    41  	}
    42  }
    43  
    44  func TestSessionKey(t *testing.T) {
    45  	t.Parallel()
    46  
    47  	key1, err := crypto.GenerateSecp256k1Key()
    48  	assertNoError(t, "key1 GenerateSecp256k1Key", err)
    49  	si1 := accesscontrol.NewDefaultSession(key1)
    50  
    51  	key2, err := crypto.GenerateSecp256k1Key()
    52  	assertNoError(t, "key2 GenerateSecp256k1Key", err)
    53  	si2 := accesscontrol.NewDefaultSession(key2)
    54  
    55  	nonces := make([][]byte, 2)
    56  	for i := range nonces {
    57  		if _, err := io.ReadFull(rand.Reader, nonces[i]); err != nil {
    58  			assert.FailNow(t, err.Error())
    59  		}
    60  	}
    61  
    62  	keys1, err := si1.Key(&key2.PublicKey, nonces)
    63  	assertNoError(t, "", err)
    64  	keys2, err := si2.Key(&key1.PublicKey, nonces)
    65  	assertNoError(t, "", err)
    66  
    67  	if !bytes.Equal(keys1[0], keys2[0]) {
    68  		assert.FailNowf(t, fmt.Sprintf("shared secrets do not match %s, %s", hex.EncodeToString(keys1[0]), hex.EncodeToString(keys2[0])), "")
    69  	}
    70  	if !bytes.Equal(keys1[1], keys2[1]) {
    71  		assert.FailNowf(t, fmt.Sprintf("shared secrets do not match %s, %s", hex.EncodeToString(keys1[1]), hex.EncodeToString(keys2[1])), "")
    72  	}
    73  }
    74  
    75  func TestSessionKeyWithoutNonces(t *testing.T) {
    76  	t.Parallel()
    77  
    78  	key1, err := crypto.GenerateSecp256k1Key()
    79  	assertNoError(t, "key1 GenerateSecp256k1Key", err)
    80  	si1 := accesscontrol.NewDefaultSession(key1)
    81  
    82  	key2, err := crypto.GenerateSecp256k1Key()
    83  	assertNoError(t, "key2 GenerateSecp256k1Key", err)
    84  	si2 := accesscontrol.NewDefaultSession(key2)
    85  
    86  	keys1, err := si1.Key(&key2.PublicKey, nil)
    87  	assertNoError(t, "session1 key", err)
    88  	keys2, err := si2.Key(&key1.PublicKey, nil)
    89  	assertNoError(t, "session2 key", err)
    90  
    91  	if !bytes.Equal(keys1[0], keys2[0]) {
    92  		assert.FailNowf(t, fmt.Sprintf("shared secrets do not match %s, %s", hex.EncodeToString(keys1[0]), hex.EncodeToString(keys2[0])), "")
    93  	}
    94  }
    95  
    96  func TestSessionKeyFromKeystore(t *testing.T) {
    97  	t.Parallel()
    98  
    99  	ks := memkeystore.New()
   100  	tag1 := "tag1"
   101  	tag2 := "tag2"
   102  	password1 := "password1"
   103  	password2 := "password2"
   104  
   105  	si1 := mock.NewFromKeystore(ks, tag1, password1, mockKeyFunc)
   106  	exists, err := ks.Exists(tag1)
   107  	assertNoError(t, "", err)
   108  	if !exists {
   109  		assert.FailNow(t, "Key1 should exist")
   110  
   111  	}
   112  	key1, created, err := ks.Key(tag1, password1, crypto.EDGSecp256_K1)
   113  	assertNoError(t, "", err)
   114  	if created {
   115  		assert.FailNow(t, "Key1 should not be created")
   116  
   117  	}
   118  
   119  	si2 := mock.NewFromKeystore(ks, tag2, password2, mockKeyFunc)
   120  	exists, err = ks.Exists(tag2)
   121  	assertNoError(t, "", err)
   122  	if !exists {
   123  		assert.FailNow(t, "Key2 should exist")
   124  	}
   125  	key2, created, err := ks.Key(tag2, password2, crypto.EDGSecp256_K1)
   126  	assertNoError(t, "", err)
   127  	if created {
   128  		assert.FailNow(t, "Key2 should not be created")
   129  	}
   130  
   131  	nonces := make([][]byte, 1)
   132  	for i := range nonces {
   133  		if _, err := io.ReadFull(rand.Reader, nonces[i]); err != nil {
   134  			assert.FailNow(t, err.Error())
   135  		}
   136  	}
   137  
   138  	keys1, err := si1.Key(&key2.PublicKey, nonces)
   139  	assertNoError(t, "", err)
   140  	keys2, err := si2.Key(&key1.PublicKey, nonces)
   141  	assertNoError(t, "", err)
   142  
   143  	if !bytes.Equal(keys1[0], keys2[0]) {
   144  		assert.FailNowf(t, fmt.Sprintf("shared secrets do not match %s, %s", hex.EncodeToString(keys1[0]), hex.EncodeToString(keys2[0])), "")
   145  	}
   146  }