github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/kbcrypto/sig_test.go

github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/kbcrypto/sig_test.go (about)

     1  // Copyright 2018 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  package kbcrypto
     5  
     6  import (
     7  	"crypto/rand"
     8  	"encoding/base64"
     9  	"errors"
    10  	"github.com/keybase/go-crypto/ed25519"
    11  	"github.com/stretchr/testify/require"
    12  	"testing"
    13  )
    14  
    15  type keypair struct {
    16  	pub  NaclSigningKeyPublic
    17  	priv NaclSigningKeyPrivate
    18  }
    19  
    20  func makeKeypair() (keypair, error) {
    21  	reader := rand.Reader
    22  	publicKey, privateKey, err := ed25519.GenerateKey(reader)
    23  	var ret keypair
    24  	if err != nil {
    25  		return ret, err
    26  	}
    27  	copy(ret.pub[:], publicKey)
    28  	copy(ret.priv[:], privateKey)
    29  
    30  	return ret, nil
    31  }
    32  
    33  func TestVerifyWithPayload(t *testing.T) {
    34  	kp, err := makeKeypair()
    35  	require.NoError(t, err)
    36  
    37  	msg := []byte("let there be songs / to fill the air")
    38  
    39  	sig, _, err := kp.priv.SignToStringV0(msg, kp.pub)
    40  	require.NoError(t, err)
    41  
    42  	requireError := func(err error, s string) {
    43  		require.Error(t, err)
    44  		require.Equal(t, errors.New(s), err.(VerificationError).Cause)
    45  	}
    46  
    47  	_, _, err = NaclVerifyWithPayload(sig, msg)
    48  	require.NoError(t, err)
    49  	_, _, err = NaclVerifyWithPayload(sig, nil)
    50  	requireError(err, "nil payload")
    51  	_, _, err = NaclVerifyWithPayload(sig, []byte(""))
    52  	requireError(err, "empty payload")
    53  	_, _, err = NaclVerifyWithPayload(sig, []byte("yo"))
    54  	requireError(err, "payload mismatch")
    55  
    56  	info := kp.priv.SignInfoV0(msg, kp.pub)
    57  	info.Payload = nil
    58  	body, err := EncodePacketToBytes(&info)
    59  	require.NoError(t, err)
    60  	sig = base64.StdEncoding.EncodeToString(body)
    61  
    62  	_, _, err = NaclVerifyWithPayload(sig, msg)
    63  	require.NoError(t, err)
    64  
    65  	// Now corrupt and make sure we get the right answer
    66  	info.Sig[10] ^= 0x1
    67  	body, err = EncodePacketToBytes(&info)
    68  	require.NoError(t, err)
    69  	sig = base64.StdEncoding.EncodeToString(body)
    70  	_, _, err = NaclVerifyWithPayload(sig, msg)
    71  	requireError(err, "verify failed")
    72  
    73  	// Get the same failure if we have the wrong sig and the wrong payload
    74  	_, _, err = NaclVerifyWithPayload(sig, []byte("yo"))
    75  	requireError(err, "verify failed")
    76  
    77  	// Fail with bad payload before the sig fails, if we have the right payload and it's doubled up
    78  	info.Payload = msg
    79  	body, err = EncodePacketToBytes(&info)
    80  	require.NoError(t, err)
    81  	sig = base64.StdEncoding.EncodeToString(body)
    82  	_, _, err = NaclVerifyWithPayload(sig, []byte("yo"))
    83  	requireError(err, "payload mismatch")
    84  }