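// Source: github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/support_libraries/rotation_support/rotate_test.go

// Copyright (c) 2016, Google Inc. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License")
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package rotation_support

import (
	"container/list"
	"fmt"
	"testing"
	"time"

	"github.com/jlmucb/cloudproxy/go/support_libraries/protected_objects"
)

// TestAddKeyEpoch builds an object list holding one file object and two key
// objects, then calls AddNewKeyEpoch twice: once for "/jlm/key/key1", which is
// already in the list, and once for "/jlm/key/key4", which is not. The test
// fails if either call returns an error or a nil new key object. The old key
// object is only printed, never asserted on.
//
// Every key byte used here is a fixed, repeating test pattern. PrintObject
// writes the objects to stdout (presumably including their values; confirm),
// so only throwaway material like these constants belongs in this test.
func TestAddKeyEpoch(t *testing.T) {
	// One variable per object type: CreateObject receives a pointer, and if it
	// keeps that pointer rather than copying the string (not visible from
	// here), reusing a single variable would relabel the file object as a key.
	fileType := "file"
	keyType := "key"
	status := "active"
	nb := time.Now()
	validFor := 365 * 24 * time.Hour
	na := nb.Add(validFor)

	obj1, err := protected_objects.CreateObject("/jlm/file/file1", 1,
		&fileType, &status, &nb, &na, nil)
	if err != nil {
		t.Fatal("Can't create object")
	}
	fmt.Printf("Obj: %s\n", *obj1.NotBefore)

	// Check every setup error: the objects are dereferenced below, so an
	// ignored failure would surface as a nil-pointer panic, not a test failure.
	obj2, err := protected_objects.CreateObject("/jlm/key/key1", 1,
		&keyType, &status, &nb, &na, nil)
	if err != nil {
		t.Fatal("Can't create object")
	}
	obj3, err := protected_objects.CreateObject("/jlm/key/key2", 1,
		&keyType, &status, &nb, &na, nil)
	if err != nil {
		t.Fatal("Can't create object")
	}

	// Add them to the object list.
	objList := list.New()
	if err = protected_objects.AddObject(objList, *obj1); err != nil {
		t.Fatal("Can't add object")
	}
	if err = protected_objects.AddObject(objList, *obj2); err != nil {
		t.Fatal("Can't add object")
	}
	if err = protected_objects.AddObject(objList, *obj3); err != nil {
		t.Fatal("Can't add object")
	}

	// Fixed 32-byte test pattern used as the value of the new key epoch.
	newkey := []byte{
		0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
		0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02,
		0x07, 0x08, 0x07, 0x08, 0x07, 0x08, 0x07, 0x08,
		0xa6, 0xa5, 0xa6, 0xa5, 0xa6, 0xa5, 0xa6, 0xa5}

	// NOTE(review): time.Time.String() is a debugging format and, for values
	// obtained from time.Now(), carries a monotonic-clock suffix. Confirm that
	// AddNewKeyEpoch never needs to parse these validity strings.
	oldKeyObj, newKeyObj, err := AddNewKeyEpoch(objList, "/jlm/key/key1",
		"key", "active", "active", nb.String(), na.String(), newkey)
	if err != nil {
		t.Fatal("Can't add new key epoch")
	}
	fmt.Printf("\n\n")
	if oldKeyObj == nil {
		fmt.Printf("No old key object\n")
	} else {
		fmt.Printf("Old key object:\n")
		protected_objects.PrintObject(oldKeyObj)
	}
	fmt.Printf("\n\n")
	if newKeyObj == nil {
		t.Fatal("New key object is nil")
	}
	fmt.Printf("New key object:\n")
	protected_objects.PrintObject(newKeyObj)
	fmt.Printf("\n")

	// "/jlm/key/key4" was never added to objList, so this call runs
	// AddNewKeyEpoch for a name with no earlier epoch in the list.
	oldKeyObj, newKeyObj, err = AddNewKeyEpoch(objList, "/jlm/key/key4",
		"key", "active", "active", nb.String(), na.String(), newkey)
	if err != nil {
		t.Fatal("Can't add new key epoch")
	}
	fmt.Printf("\n\n")
	if oldKeyObj == nil {
		fmt.Printf("No old key object\n")
	} else {
		fmt.Printf("Old key object:\n")
		protected_objects.PrintObject(oldKeyObj)
	}
	fmt.Printf("\n\n")
	if newKeyObj == nil {
		t.Fatal("New key object is nil")
	}
	fmt.Printf("New key object:\n")
	protected_objects.PrintObject(newKeyObj)
	fmt.Printf("\n")
}

// TestAddAndRotate creates a file object and two key objects, protects the
// file object under "/jlm/key/key1" and the key1 object under "/jlm/key/key2",
// and then calls AddAndRotateNewKeyEpoch for "/jlm/key/key2". It finishes by
// looking up the protected objects recorded for the new key's name and epoch
// and checking that the first one can be recovered with the new key's value.
//
// protectorKeys and newkey are fixed test patterns. The Print* helpers write
// object contents to stdout, so no real key material belongs in this test.
func TestAddAndRotate(t *testing.T) {
	// One variable per object type: CreateObject receives a pointer, and if it
	// keeps that pointer rather than copying the string (not visible from
	// here), reusing a single variable would relabel the file object as a key.
	fileType := "file"
	keyType := "key"
	status := "active"
	nb := time.Now()
	validFor := 365 * 24 * time.Hour
	na := nb.Add(validFor)

	// Fixed 48-byte pattern: used as the value of both key objects and as the
	// key argument to MakeProtectedObject.
	protectorKeys := []byte{
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf,
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf,
		0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf,
	}

	obj1, err := protected_objects.CreateObject("/jlm/file/file1", 1,
		&fileType, &status, &nb, &na, nil)
	if err != nil {
		t.Fatal("Can't create object")
	}
	fmt.Printf("Obj: %s\n", *obj1.NotBefore)

	// Check every setup error: the objects are dereferenced below, so an
	// ignored failure would surface as a nil-pointer panic, not a test failure.
	obj2, err := protected_objects.CreateObject("/jlm/key/key1", 1,
		&keyType, &status, &nb, &na, protectorKeys)
	if err != nil {
		t.Fatal("Can't create object")
	}
	obj3, err := protected_objects.CreateObject("/jlm/key/key2", 1,
		&keyType, &status, &nb, &na, protectorKeys)
	if err != nil {
		t.Fatal("Can't create object")
	}

	// Add them to the object list.
	objList := list.New()
	if err = protected_objects.AddObject(objList, *obj1); err != nil {
		t.Fatal("Can't add object")
	}
	if err = protected_objects.AddObject(objList, *obj2); err != nil {
		t.Fatal("Can't add object")
	}
	if err = protected_objects.AddObject(objList, *obj3); err != nil {
		t.Fatal("Can't add object")
	}

	// The file object is protected under key1, and key1 under key2.
	pObj1, err := protected_objects.MakeProtectedObject(*obj1, "/jlm/key/key1", 1, protectorKeys)
	if err != nil {
		t.Fatal("Can't make protected object")
	}
	if pObj1 == nil {
		t.Fatal("Bad protected object")
	}

	pObj2, err := protected_objects.MakeProtectedObject(*obj2, "/jlm/key/key2", 1, protectorKeys)
	if err != nil {
		t.Fatal("Can't make protected object")
	}
	if pObj2 == nil {
		t.Fatal("Bad protected object")
	}

	protectedObjList := list.New()
	if err = protected_objects.AddProtectedObject(protectedObjList, *pObj1); err != nil {
		t.Fatal("Can't add protected object")
	}
	if err = protected_objects.AddProtectedObject(protectedObjList, *pObj2); err != nil {
		t.Fatal("Can't add protected object")
	}

	fmt.Printf("\n\n")
	fmt.Printf("Initial Objects\n")
	for e := objList.Front(); e != nil; e = e.Next() {
		o := e.Value.(protected_objects.ObjectMessage)
		protected_objects.PrintObject(&o)
	}
	fmt.Printf("\n\nInitial protected objects\n")
	for e := protectedObjList.Front(); e != nil; e = e.Next() {
		o := e.Value.(protected_objects.ProtectedObjectMessage)
		protected_objects.PrintProtectedObject(&o)
	}
	fmt.Printf("\n\n")

	// Fixed 48-byte test pattern used as the value of the rotated-in key.
	newkey := []byte{
		0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe, 0xff, 0xfe,
		0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02,
		0x01, 0x02, 0x01, 0x02, 0x01, 0x02, 0x01, 0x02,
		0x07, 0x08, 0x07, 0x08, 0x07, 0x08, 0x07, 0x08,
		0x07, 0x08, 0x07, 0x08, 0x07, 0x08, 0x07, 0x08,
		0xa6, 0xa5, 0xa6, 0xa5, 0xa6, 0xa5, 0xa6, 0xa5}

	// NOTE(review): time.Time.String() is a debugging format and, for values
	// obtained from time.Now(), carries a monotonic-clock suffix. Confirm that
	// AddAndRotateNewKeyEpoch never needs to parse these validity strings.
	newObj, err := AddAndRotateNewKeyEpoch("/jlm/key/key2", "key", "active", "active",
		nb.String(), na.String(), newkey, objList, protectedObjList)
	if err != nil {
		fmt.Printf("Err: %s\n", err)
		t.Fatal("Can't AddAndRotateNewKeyEpoch")
	}
	fmt.Printf("\n\n")
	fmt.Printf("New key: %s, %d\n", newObj.ObjId.ObjName, newObj.ObjId.ObjEpoch)
	fmt.Printf("\n\n")
	fmt.Printf("Protected objects\n")
	for e := protectedObjList.Front(); e != nil; e = e.Next() {
		o := e.Value.(protected_objects.ProtectedObjectMessage)
		protected_objects.PrintProtectedObject(&o)
	}
	fmt.Printf("\n\n")
	fmt.Printf("Objects\n")
	for e := objList.Front(); e != nil; e = e.Next() {
		o := e.Value.(protected_objects.ObjectMessage)
		protected_objects.PrintObject(&o)
	}
	fmt.Printf("\n\n")

	// Check we can open a protected object with the new protector.
	// FindProtectedObjects returns no error, so inspect its result directly:
	// an empty result means the rotation re-protected nothing under the new
	// epoch, and must fail the test instead of panicking on a nil element.
	protectedKids := protected_objects.FindProtectedObjects(protectedObjList, *newObj.ObjId.ObjName,
		*newObj.ObjId.ObjEpoch)
	first := protectedKids.Front()
	if first == nil {
		t.Fatal("Can't FindProtected kids")
	}
	kid := first.Value.(protected_objects.ProtectedObjectMessage)
	obj, err := protected_objects.RecoverProtectedObject(&kid, newObj.ObjVal)
	if err != nil || obj == nil {
		t.Fatal("Can't recover first kid")
	}
	fmt.Printf("\n\nRecovered:\n")
	protected_objects.PrintObject(obj)
}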