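// Copyright 2017 Keybase Inc. All rights reserved.
// Use of this source code is governed by a BSD
// license that can be found in the LICENSE file.

package kbfscrypto

import (
	"testing"

	"github.com/keybase/client/go/libkb"
	"github.com/pkg/errors"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"golang.org/x/crypto/nacl/box"
)

// TestEncryptDecryptDataSuccess checks the basic round trip: data passed
// through encryptData() and then decryptData(), with the same key and the
// nonce extracted via Nonce24(), comes back unchanged.
func TestEncryptDecryptDataSuccess(t *testing.T) {
	data := []byte{0x20, 0x30}
	key := [32]byte{0x40, 0x45}
	encryptedData, err := encryptData(data, key)
	require.NoError(t, err)

	nonce, err := encryptedData.Nonce24()
	require.NoError(t, err)

	decryptedData, err := decryptData(encryptedData, key, nonce)
	require.NoError(t, err)
	require.Equal(t, data, decryptedData)
}

// TestEncryptDecryptDataV2Success checks the block-level round trip for
// EncryptionSecretboxWithKeyNonce: EncryptPaddedEncodedBlock() must stamp
// that version on its output, and DecryptBlock() with the same TLF crypt
// key and block server half must return the original bytes.
func TestEncryptDecryptDataV2Success(t *testing.T) {
	data := []byte{0x20, 0x30}
	key := [32]byte{0x40, 0x45}
	tlfCryptKey := TLFCryptKey{privateByte32Container{key}}
	half := [32]byte{0x50, 0x51}
	blockServerHalf := BlockCryptKeyServerHalf{publicByte32Container{half}}
	encryptedBlock, err := EncryptPaddedEncodedBlock(
		data, tlfCryptKey, blockServerHalf, EncryptionSecretboxWithKeyNonce)
	require.NoError(t, err)
	require.Equal(
		t, EncryptionSecretboxWithKeyNonce,
		encryptedBlock.encryptedData.Version)

	decryptedData, err := DecryptBlock(
		encryptedBlock, tlfCryptKey, blockServerHalf)
	require.NoError(t, err)
	require.Equal(t, data, decryptedData)
}

// TestDecryptDataFailure exercises the rejection paths of decryptData(),
// DecryptBlock() and Nonce24(): a relabelled version, an unknown version, a
// truncated nonce, a wrong key and a tampered ciphertext must each produce
// the specific error asserted below instead of plaintext.
func TestDecryptDataFailure(t *testing.T) {
	// Test various failure cases for decryptData().
	data := []byte{0x20, 0x30}
	key := [32]byte{0x40, 0x45}
	encryptedData, err := encryptData(data, key)
	require.NoError(t, err)

	// Wrong nonce for v2.
	//
	// Only the version label is bumped; the stored nonce is left as
	// encryptData() produced it. DecryptBlock() is expected to reject that
	// nonce with InvalidNonceError. (Presumably the bumped version is
	// EncryptionSecretboxWithKeyNonce -- confirm against the version enum.)

	encryptedDataWrongNonce := encryptedData
	encryptedDataWrongNonce.Version++
	tlfCryptKey := TLFCryptKey{privateByte32Container{key}}
	half := [32]byte{0x50, 0x51}
	blockServerHalf := BlockCryptKeyServerHalf{publicByte32Container{half}}
	_, err = DecryptBlock(
		EncryptedBlock{encryptedDataWrongNonce},
		tlfCryptKey, blockServerHalf)
	assert.Equal(t,
		InvalidNonceError{encryptedDataWrongNonce.Nonce},
		errors.Cause(err))

	// Wrong version.

	encryptedDataWrongVersion := encryptedData
	encryptedDataWrongVersion.Version += 2
	// This nonce is a copy of the original one and is reused by the
	// corrupt-key and corrupt-data cases further down.
	nonce, err := encryptedDataWrongVersion.Nonce24()
	require.NoError(t, err)
	_, err = decryptData(encryptedDataWrongVersion, key, nonce)
	assert.Equal(t,
		UnknownEncryptionVer{encryptedDataWrongVersion.Version},
		errors.Cause(err))

	// Wrong nonce size.
	//
	// Re-slicing only shortens this copy's view of the nonce; the
	// original encryptedData.Nonce keeps its full length.

	encryptedDataWrongNonceSize := encryptedData
	encryptedDataWrongNonceSize.Nonce = encryptedDataWrongNonceSize.Nonce[:len(encryptedDataWrongNonceSize.Nonce)-1]
	_, err = encryptedDataWrongNonceSize.Nonce24()
	assert.Equal(t,
		InvalidNonceError{encryptedDataWrongNonceSize.Nonce},
		errors.Cause(err))

	// Corrupt key.
	//
	// Decryption under a key that differs in a single byte must fail
	// with a DecryptionError.

	keyCorrupt := key
	keyCorrupt[0] = ^keyCorrupt[0]
	_, err = decryptData(encryptedData, keyCorrupt, nonce)
	// assert.IsType takes the expected type first, then the object.
	assert.IsType(t, libkb.DecryptionError{}, errors.Cause(err))

	// Corrupt data.
	//
	// Flipping one ciphertext byte must be detected and reported as a
	// DecryptionError rather than yielding altered plaintext.

	encryptedDataCorruptData := encryptedData
	// The struct copy above still shares the ciphertext's backing array
	// with encryptedData, so clone it before flipping a byte. Otherwise
	// the pristine value is corrupted as well and any case added after
	// this one would silently run against tampered data.
	encryptedDataCorruptData.EncryptedData = append(
		[]byte(nil), encryptedData.EncryptedData...)
	encryptedDataCorruptData.EncryptedData[0] = ^encryptedDataCorruptData.EncryptedData[0]
	_, err = decryptData(encryptedDataCorruptData, key, nonce)
	assert.IsType(t, libkb.DecryptionError{}, errors.Cause(err))
}

// Test that EncryptTLFCryptKeyClientHalf() encrypts its passed-in
// client half properly.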
func TestCryptoCommonEncryptTLFCryptKeyClientHalf(t *testing.T) {
	// The client half is encrypted through the package API and then
	// opened directly with nacl/box, using the ephemeral public key and
	// the private half of the key pair whose public key was passed to
	// EncryptTLFCryptKeyClientHalf(). A successful box.Open() shows the
	// output is a box between exactly those two keys.
	const wantNonceLen = 24

	ephPub, ephPriv, err := MakeRandomTLFEphemeralKeys()
	require.NoError(t, err)

	tlfKey, err := MakeRandomTLFCryptKey()
	require.NoError(t, err)

	devicePriv := MakeFakeCryptPrivateKeyOrBust("fake key")
	devicePub := devicePriv.GetPublicKey()

	srvHalf, err := MakeRandomTLFCryptKeyServerHalf()
	require.NoError(t, err)

	clientHalf := MaskTLFCryptKey(srvHalf, tlfKey)

	sealed, err := EncryptTLFCryptKeyClientHalf(ephPriv, devicePub, clientHalf)
	require.NoError(t, err)
	require.Equal(t, EncryptionSecretbox, sealed.Version)

	// The ciphertext is the plaintext plus the box overhead, so its
	// length is fully determined by the client half's size.
	wantSealedLen := len(clientHalf.Data()) + box.Overhead
	require.Equal(t, wantSealedLen,
		len(sealed.EncryptedData))
	require.Equal(t, wantNonceLen, len(sealed.Nonce))

	// Sanity check only: an all-zero nonce means it was never filled
	// in. A non-zero nonce says nothing about uniqueness or randomness.
	var nonceArr [24]byte
	copy(nonceArr[:], sealed.Nonce)
	require.NotEqual(t, [24]byte{}, nonceArr)

	// box.Open() needs addressable [32]byte values, hence the locals.
	ephPubBytes := ephPub.Data()
	devicePrivBytes := devicePriv.Data()
	opened, ok := box.Open(
		nil, sealed.EncryptedData, &nonceArr,
		&ephPubBytes, &devicePrivBytes)
	require.True(t, ok)

	require.Equal(t, len(clientHalf.Data()), len(opened))

	// Rebuild a client half from the recovered bytes and compare it with
	// the one that went in.
	var recovered [32]byte
	copy(recovered[:], opened)
	roundTripped := MakeTLFCryptKeyClientHalf(recovered)
	require.Equal(t, clientHalf, roundTripped)
}