// Source: github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/kbfs/libkey/key_server_local_test.go

// Copyright 2016 Keybase Inc. All rights reserved.
// Use of this source code is governed by a BSD
// license that can be found in the LICENSE file.

package libkey

import (
	"context"
	"testing"

	"github.com/keybase/client/go/kbfs/idutil"
	idutiltest "github.com/keybase/client/go/kbfs/idutil/test"
	"github.com/keybase/client/go/kbfs/kbfscodec"
	"github.com/keybase/client/go/kbfs/kbfscrypto"
	"github.com/keybase/client/go/kbfs/kbfsmd"
	kbname "github.com/keybase/client/go/kbun"
	"github.com/keybase/client/go/logger"
	"github.com/stretchr/testify/require"
)

// testConfig is the minimal configuration handed to the in-memory key
// server and to KeyOpsStandard in this file's tests. It only carries
// the three dependencies exposed by the accessors below.
type testConfig struct {
	codec     kbfscodec.Codec
	kbpki     idutil.KBPKI
	keyServer KeyServer
}

// Codec returns the codec this config was built with.
func (c testConfig) Codec() kbfscodec.Codec {
	return c.codec
}

// KBPKI returns the identity provider for the simulated user.
func (c testConfig) KBPKI() idutil.KBPKI {
	return c.kbpki
}

// KeyServer returns the key server stored in the config; it is nil
// until a test assigns one.
func (c testConfig) KeyServer() KeyServer {
	return c.keyServer
}

// Test that Put/Get works for TLF crypt key server halves, that a user
// cannot fetch a half stored for another user's device, and that a half
// ID which was never stored is rejected.
func TestKeyServerLocalTLFCryptKeyServerHalves(t *testing.T) {
	ctx := context.Background()
	codec := kbfscodec.NewMsgpack()

	// Simulate two users; each gets its own local daemon, config and
	// key-ops client.
	localUsers := idutil.MakeLocalUsers(
		[]kbname.NormalizedUsername{"u1", "u2"})

	// User 1 owns the in-memory key server.
	uid1 := localUsers[0].UID
	kbpki1 := &idutiltest.DaemonKBPKI{
		Daemon: idutil.NewDaemonLocal(uid1, localUsers, nil, codec),
	}
	config1 := testConfig{codec: codec, kbpki: kbpki1}
	ks1, err := NewKeyServerMemory(config1, logger.NewTestLogger(t))
	require.NoError(t, err)
	defer ks1.Shutdown()
	// The server was created from a config whose keyServer was still
	// nil; only the copy given to KeyOpsStandard points back at it.
	config1.keyServer = ks1
	ops1 := KeyOpsStandard{config1}

	session1, err := kbpki1.GetCurrentSession(ctx)
	require.NoError(t, err)
	key1 := session1.CryptPublicKey

	// User 2 talks to a copy of user 1's server, made with user 2's
	// config, so requests through ops2 are made as uid2.
	uid2 := localUsers[1].UID
	kbpki2 := &idutiltest.DaemonKBPKI{
		Daemon: idutil.NewDaemonLocal(uid2, localUsers, nil, codec),
	}
	config2 := testConfig{codec: codec, kbpki: kbpki2}
	ks2 := ks1.CopyWithConfigAndLogger(config2, logger.NewTestLogger(t))
	defer ks2.Shutdown()
	config2.keyServer = ks2
	ops2 := KeyOpsStandard{config2}

	session2, err := kbpki2.GetCurrentSession(ctx)
	require.NoError(t, err)
	key2 := session2.CryptPublicKey

	// Four distinct, fixed server halves (test values, not real key
	// material).
	half1 := kbfscrypto.MakeTLFCryptKeyServerHalf([32]byte{1})
	half2 := kbfscrypto.MakeTLFCryptKeyServerHalf([32]byte{2})
	half3 := kbfscrypto.MakeTLFCryptKeyServerHalf([32]byte{3})
	half4 := kbfscrypto.MakeTLFCryptKeyServerHalf([32]byte{4})

	// write 1
	err = ops1.PutTLFCryptKeyServerHalves(ctx,
		kbfsmd.UserDeviceKeyServerHalves{
			uid1: kbfsmd.DeviceKeyServerHalves{key1: half1},
		})
	require.NoError(t, err)

	// write 2: same user and device key as write 1, different half.
	err = ops1.PutTLFCryptKeyServerHalves(ctx,
		kbfsmd.UserDeviceKeyServerHalves{
			uid1: kbfsmd.DeviceKeyServerHalves{key1: half2},
		})
	require.NoError(t, err)

	// write 3 and 4 together: one call, as user 1, storing a half for
	// each user.
	err = ops1.PutTLFCryptKeyServerHalves(ctx,
		kbfsmd.UserDeviceKeyServerHalves{
			uid1: kbfsmd.DeviceKeyServerHalves{key1: half3},
			uid2: kbfsmd.DeviceKeyServerHalves{key2: half4},
		})
	require.NoError(t, err)

	// Each lookup ID is derived from (uid, device key, server half).
	id1, err := kbfscrypto.MakeTLFCryptKeyServerHalfID(uid1, key1, half1)
	require.NoError(t, err)

	id2, err := kbfscrypto.MakeTLFCryptKeyServerHalfID(uid1, key1, half2)
	require.NoError(t, err)

	id3, err := kbfscrypto.MakeTLFCryptKeyServerHalfID(uid1, key1, half3)
	require.NoError(t, err)

	id4, err := kbfscrypto.MakeTLFCryptKeyServerHalfID(uid2, key2, half4)
	require.NoError(t, err)

	// User 1 reads back all three of its own halves; write 2 did not
	// replace write 1, since both remain retrievable.
	got1, err := ops1.GetTLFCryptKeyServerHalf(ctx, id1, key1)
	require.NoError(t, err)
	require.Equal(t, half1, got1)

	got2, err := ops1.GetTLFCryptKeyServerHalf(ctx, id2, key1)
	require.NoError(t, err)
	require.Equal(t, half2, got2)

	got3, err := ops1.GetTLFCryptKeyServerHalf(ctx, id3, key1)
	require.NoError(t, err)
	require.Equal(t, half3, got3)

	// Access control: user 1 presents a valid ID for user 2's half and
	// must be refused with ServerErrorUnauthorized.
	_, err = ops1.GetTLFCryptKeyServerHalf(ctx, id4, key1)
	require.IsType(t, kbfsmd.ServerErrorUnauthorized{}, err)

	// try to get uid2's key now as uid2
	got4, err := ops2.GetTLFCryptKeyServerHalf(ctx, id4, key2)
	require.NoError(t, err)
	require.Equal(t, half4, got4)

	// half4 was never stored for (uid1, key1), so an ID built from that
	// combination must not resolve to anything.
	// NOTE(review): only a non-nil error is asserted here; pinning the
	// expected error type would make this negative case stricter.
	idNope, err := kbfscrypto.MakeTLFCryptKeyServerHalfID(
		uid1, key1, half4)
	require.NoError(t, err)

	_, err = ops1.GetTLFCryptKeyServerHalf(ctx, idNope, key1)
	require.Error(t, err)
}