github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/kbfs/libkey/key_server_local_test.go (about)

     1  // Copyright 2016 Keybase Inc. All rights reserved.
     2  // Use of this source code is governed by a BSD
     3  // license that can be found in the LICENSE file.
     4  
     5  package libkey
     6  
     7  import (
     8  	"context"
     9  	"testing"
    10  
    11  	"github.com/keybase/client/go/kbfs/idutil"
    12  	idutiltest "github.com/keybase/client/go/kbfs/idutil/test"
    13  	"github.com/keybase/client/go/kbfs/kbfscodec"
    14  	"github.com/keybase/client/go/kbfs/kbfscrypto"
    15  	"github.com/keybase/client/go/kbfs/kbfsmd"
    16  	kbname "github.com/keybase/client/go/kbun"
    17  	"github.com/keybase/client/go/logger"
    18  	"github.com/stretchr/testify/require"
    19  )
    20  
// testConfig is a minimal config stub for the tests in this file. It carries
// the three dependencies that are handed to NewKeyServerMemory and
// KeyOpsStandard.
//
// The tests construct it with positional literals
// (testConfig{codec, kbpki, nil}), so the field order must remain
// codec, kbpki, keyServer.
type testConfig struct {
	codec     kbfscodec.Codec
	kbpki     idutil.KBPKI
	keyServer KeyServer
}

// Codec returns the codec stored in the config.
func (c testConfig) Codec() kbfscodec.Codec { return c.codec }

// KBPKI returns the identity/session provider stored in the config.
func (c testConfig) KBPKI() idutil.KBPKI { return c.kbpki }

// KeyServer returns the key server stored in the config. It is nil until a
// test assigns the keyServer field.
func (c testConfig) KeyServer() KeyServer { return c.keyServer }
    38  
// TestKeyServerLocalTLFCryptKeyServerHalves checks that Put/Get works for TLF
// crypt key server halves on the in-memory key server, and that retrieval is
// restricted: a session for user 1 asking for a half stored for user 2 must
// get kbfsmd.ServerErrorUnauthorized, and a half ID that matches no stored
// half must fail.
func TestKeyServerLocalTLFCryptKeyServerHalves(t *testing.T) {
	// Simulate two users; each gets its own daemon, session and KeyOps.
	var userName1, userName2 kbname.NormalizedUsername = "u1", "u2"

	ctx := context.Background()
	codec := kbfscodec.NewMsgpack()

	localUsers := idutil.MakeLocalUsers(
		[]kbname.NormalizedUsername{userName1, userName2})
	uid1 := localUsers[0].UID
	daemon1 := idutil.NewDaemonLocal(uid1, localUsers, nil, codec)
	kbpki1 := &idutiltest.DaemonKBPKI{
		KBPKI:  nil,
		Daemon: daemon1,
	}
	config1 := testConfig{codec, kbpki1, nil}
	ks1, err := NewKeyServerMemory(config1, logger.NewTestLogger(t))
	require.NoError(t, err)
	defer ks1.Shutdown()
	// testConfig is passed by value, so the copy given to NewKeyServerMemory
	// above still has keyServer == nil; only values copied after this
	// assignment (ko1 below) see ks1.
	config1.keyServer = ks1
	ko1 := KeyOpsStandard{config1}

	// The session's crypt public key identifies user 1's device in the
	// put/get calls below.
	session1, err := kbpki1.GetCurrentSession(ctx)
	require.NoError(t, err)
	publicKey1 := session1.CryptPublicKey

	uid2 := localUsers[1].UID
	daemon2 := idutil.NewDaemonLocal(uid2, localUsers, nil, codec)
	kbpki2 := &idutiltest.DaemonKBPKI{
		KBPKI:  nil,
		Daemon: daemon2,
	}
	config2 := testConfig{codec, kbpki2, nil}
	// ks2 is derived from ks1 but bound to user 2's config. The read through
	// ko2 near the end expects a half that was written through ko1, so the
	// two presumably share storage; confirm in CopyWithConfigAndLogger.
	ks2 := ks1.CopyWithConfigAndLogger(config2, logger.NewTestLogger(t))
	defer ks2.Shutdown()
	config2.keyServer = ks2
	ko2 := KeyOpsStandard{config2}

	session2, err := kbpki2.GetCurrentSession(ctx)
	require.NoError(t, err)
	publicKey2 := session2.CryptPublicKey

	// Fixed, distinguishable test values (only the first byte is set); these
	// are not random key material.
	serverHalf1 := kbfscrypto.MakeTLFCryptKeyServerHalf([32]byte{1})
	serverHalf2 := kbfscrypto.MakeTLFCryptKeyServerHalf([32]byte{2})
	serverHalf3 := kbfscrypto.MakeTLFCryptKeyServerHalf([32]byte{3})
	serverHalf4 := kbfscrypto.MakeTLFCryptKeyServerHalf([32]byte{4})

	// write 1: half 1 for (uid1, publicKey1)
	keyHalves := make(kbfsmd.UserDeviceKeyServerHalves)
	deviceHalves := make(kbfsmd.DeviceKeyServerHalves)
	deviceHalves[publicKey1] = serverHalf1
	keyHalves[uid1] = deviceHalves

	err = ko1.PutTLFCryptKeyServerHalves(ctx, keyHalves)
	require.NoError(t, err)

	// write 2: a different half for the same (uid1, publicKey1). Both half 1
	// and half 2 are read back below, so this put must not replace write 1.
	keyHalves = make(kbfsmd.UserDeviceKeyServerHalves)
	deviceHalves = make(kbfsmd.DeviceKeyServerHalves)
	deviceHalves[publicKey1] = serverHalf2
	keyHalves[uid1] = deviceHalves

	err = ko1.PutTLFCryptKeyServerHalves(ctx, keyHalves)
	require.NoError(t, err)

	// write 3 and 4 together: one put, issued as user 1, that stores a half
	// for user 1 and a half for user 2.
	keyHalves = make(kbfsmd.UserDeviceKeyServerHalves)
	deviceHalves1 := make(kbfsmd.DeviceKeyServerHalves)
	deviceHalves2 := make(kbfsmd.DeviceKeyServerHalves)
	deviceHalves1[publicKey1] = serverHalf3
	keyHalves[uid1] = deviceHalves1
	deviceHalves2[publicKey2] = serverHalf4
	keyHalves[uid2] = deviceHalves2

	err = ko1.PutTLFCryptKeyServerHalves(ctx, keyHalves)
	require.NoError(t, err)

	// Half IDs are computed from (uid, device public key, server half); the
	// gets below look halves up by these IDs.
	serverHalfID1, err :=
		kbfscrypto.MakeTLFCryptKeyServerHalfID(uid1, publicKey1, serverHalf1)
	require.NoError(t, err)

	serverHalfID2, err :=
		kbfscrypto.MakeTLFCryptKeyServerHalfID(uid1, publicKey1, serverHalf2)
	require.NoError(t, err)

	serverHalfID3, err :=
		kbfscrypto.MakeTLFCryptKeyServerHalfID(uid1, publicKey1, serverHalf3)
	require.NoError(t, err)

	serverHalfID4, err :=
		kbfscrypto.MakeTLFCryptKeyServerHalfID(uid2, publicKey2, serverHalf4)
	require.NoError(t, err)

	// User 1 can read back each of its own halves.
	half1, err := ko1.GetTLFCryptKeyServerHalf(ctx, serverHalfID1, publicKey1)
	require.NoError(t, err)

	require.Equal(t, serverHalf1, half1)

	half2, err := ko1.GetTLFCryptKeyServerHalf(ctx, serverHalfID2, publicKey1)
	require.NoError(t, err)

	require.Equal(t, serverHalf2, half2)

	half3, err := ko1.GetTLFCryptKeyServerHalf(ctx, serverHalfID3, publicKey1)
	require.NoError(t, err)

	require.Equal(t, serverHalf3, half3)

	// Access check: user 1 asks for the half stored for (uid2, publicKey2)
	// while presenting its own key. Having written the half does not grant
	// read access; the server must answer Unauthorized.
	_, err = ko1.GetTLFCryptKeyServerHalf(ctx, serverHalfID4, publicKey1)
	require.IsType(t, kbfsmd.ServerErrorUnauthorized{}, err)

	// try to get uid2's key now as uid2
	// NOTE(review): the reverse direction (ko2 requesting a half stored for
	// uid1) is not exercised in this test.
	half4, err := ko2.GetTLFCryptKeyServerHalf(ctx, serverHalfID4, publicKey2)
	require.NoError(t, err)

	require.Equal(t, serverHalf4, half4)

	// An ID built from a (uid1, publicKey1, serverHalf4) combination that was
	// never stored must not resolve to any half.
	serverHalfIDNope, err := kbfscrypto.MakeTLFCryptKeyServerHalfID(
		uid1, publicKey1, serverHalf4)
	require.NoError(t, err)

	// NOTE(review): require.Error accepts any failure. Once the intended
	// error type for an unknown half ID is confirmed, assert it here so an
	// unrelated error cannot mask a lookup or access-check regression.
	_, err = ko1.GetTLFCryptKeyServerHalf(ctx, serverHalfIDNope, publicKey1)
	require.Error(t, err)
}