github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/contacts/resolution_notice_test.go (about)

     1  // Copyright 2019 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  package contacts
     5  
     6  import (
     7  	"github.com/keybase/client/go/encrypteddb"
     8  	"github.com/keybase/client/go/engine"
     9  	"github.com/keybase/client/go/kbtest"
    10  	"github.com/keybase/client/go/libkb"
    11  	"testing"
    12  
    13  	"github.com/keybase/client/go/protocol/keybase1"
    14  	"github.com/stretchr/testify/require"
    15  )
    16  
    17  func TestEncryptContactResolutionForServer(t *testing.T) {
    18  	tc := libkb.SetupTest(t, "contacts", 2)
    19  	defer tc.Cleanup()
    20  
    21  	u, err := kbtest.CreateAndSignupFakeUser("t", tc.G)
    22  	require.NoError(t, err)
    23  	err = u.Login(tc.G)
    24  	require.NoError(t, err)
    25  
    26  	contact := ContactResolution{
    27  		Description: "Jakob - (216) 555-2222",
    28  		ResolvedUser: keybase1.User{
    29  			Uid:      keybase1.UID("34"),
    30  			Username: "jakob223",
    31  		},
    32  	}
    33  	enc, err := encryptContactBlob(tc.MetaContext(), contact)
    34  	require.NoError(t, err)
    35  
    36  	// Provision a new device to roll forward the PUK
    37  	tc2 := libkb.SetupTest(t, "contacts", 2)
    38  	defer tc2.Cleanup()
    39  	kbtest.ProvisionNewDeviceKex(&tc, &tc2, u, keybase1.DeviceTypeV2_DESKTOP)
    40  
    41  	// Require the original device can decrypt the contact
    42  	dec, err := DecryptContactBlob(tc.MetaContext(), enc)
    43  	require.NoError(t, err)
    44  	require.Equal(t, contact, dec)
    45  
    46  	// Require the new device can decrypt the contact
    47  	dec, err = DecryptContactBlob(tc2.MetaContext(), enc)
    48  	require.NoError(t, err)
    49  	require.Equal(t, contact, dec)
    50  
    51  	// Log in as a different user
    52  	u2, err := kbtest.CreateAndSignupFakeUser("t", tc.G)
    53  	require.NoError(t, err)
    54  	err = u2.Login(tc.G)
    55  	require.NoError(t, err)
    56  
    57  	// New user should not be able to decrypt contact blob
    58  	dec, err = DecryptContactBlob(tc.MetaContext(), enc)
    59  	require.Equal(t, encrypteddb.ErrDecryptionFailed, err)
    60  	require.NotEqual(t, contact, dec)
    61  
    62  	// Reset the user and check that they can no longer decrypt
    63  	kbtest.ResetAccount(tc2, u)
    64  	dec, err = DecryptContactBlob(tc2.MetaContext(), enc)
    65  	require.Error(t, err)
    66  	require.NotEqual(t, contact, dec)
    67  }
    68  
    69  func TestEncryptContactResolutionForServerRevokes(t *testing.T) {
    70  	tc := libkb.SetupTest(t, "contacts", 2)
    71  	defer tc.Cleanup()
    72  
    73  	u, err := kbtest.CreateAndSignupFakeUser("t", tc.G)
    74  	require.NoError(t, err)
    75  	err = u.Login(tc.G)
    76  	require.NoError(t, err)
    77  
    78  	contact := ContactResolution{
    79  		Description: "Jakob - (216) 555-2222",
    80  		ResolvedUser: keybase1.User{
    81  			Uid:      keybase1.UID("34"),
    82  			Username: "jakob223",
    83  		},
    84  	}
    85  	encs := make([]string, 0)
    86  	var enc string
    87  	enc, err = encryptContactBlob(tc.MetaContext(), contact)
    88  	encs = append(encs, enc)
    89  	require.NoError(t, err)
    90  
    91  	// Provision a new device
    92  	tc2 := libkb.SetupTest(t, "contacts", 2)
    93  	defer tc2.Cleanup()
    94  	kbtest.ProvisionNewDeviceKex(&tc, &tc2, u, keybase1.DeviceTypeV2_DESKTOP)
    95  
    96  	// Encrypt a blob from the new device
    97  	enc, err = encryptContactBlob(tc2.MetaContext(), contact)
    98  	encs = append(encs, enc)
    99  	require.NoError(t, err)
   100  
   101  	// Check the new device can decrypt both blobs
   102  	for _, enc := range encs {
   103  		dec, err := DecryptContactBlob(tc2.MetaContext(), enc)
   104  		require.NoError(t, err)
   105  		require.Equal(t, contact, dec)
   106  	}
   107  
   108  	// Provision a third device
   109  	tc3 := libkb.SetupTest(t, "contacts", 2)
   110  	defer tc3.Cleanup()
   111  	kbtest.ProvisionNewDeviceKex(&tc, &tc3, u, keybase1.DeviceTypeV2_DESKTOP)
   112  
   113  	// Encrypt a blob from the new device
   114  	enc, err = encryptContactBlob(tc3.MetaContext(), contact)
   115  	encs = append(encs, enc)
   116  	require.NoError(t, err)
   117  
   118  	// Revoke the second device
   119  	revokeEngine := engine.NewRevokeDeviceEngine(tc.G, engine.RevokeDeviceEngineArgs{
   120  		ID: tc2.G.ActiveDevice.DeviceID(),
   121  	})
   122  	uis := libkb.UIs{
   123  		SecretUI: &libkb.TestSecretUI{},
   124  		LogUI:    tc.G.UI.GetLogUI(),
   125  	}
   126  	m := libkb.NewMetaContextForTest(tc).WithUIs(uis)
   127  	err = engine.RunEngine2(m, revokeEngine)
   128  	require.NoError(t, err)
   129  
   130  	// Encrypt a blob from the third device
   131  	enc, err = encryptContactBlob(tc3.MetaContext(), contact)
   132  	encs = append(encs, enc)
   133  	require.NoError(t, err)
   134  
   135  	// Check the first device can decrypt all the blobs
   136  	for _, enc := range encs {
   137  		dec, err := DecryptContactBlob(tc.MetaContext(), enc)
   138  		require.NoError(t, err)
   139  		require.Equal(t, contact, dec)
   140  	}
   141  
   142  	// Provision a fourth device
   143  	tc4 := libkb.SetupTest(t, "contacts", 2)
   144  	defer tc4.Cleanup()
   145  	kbtest.ProvisionNewDeviceKex(&tc, &tc4, u, keybase1.DeviceTypeV2_DESKTOP)
   146  
   147  	// Check the new device can decrypt all the blobs
   148  	for _, enc := range encs {
   149  		dec, err := DecryptContactBlob(tc4.MetaContext(), enc)
   150  		require.NoError(t, err)
   151  		require.Equal(t, contact, dec)
   152  	}
   153  }