github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/nacl_box_test.go (about)

     1  // Copyright 2015 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  package libkb
     5  
     6  import (
     7  	"bytes"
     8  	"testing"
     9  
    10  	"golang.org/x/crypto/nacl/box"
    11  )
    12  
    13  // Tests to make sure that the nacl/box functions behave as we expect
    14  // them to.
    15  
    16  // Convenience functions for testing.
    17  
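// makeKeyPairsOrBust returns two key pairs obtained from two separate
// calls to GenerateNaclDHKeyPair. If either call reports an error the
// calling test is aborted with t.Fatal.
func makeKeyPairsOrBust(t *testing.T) (NaclDHKeyPair, NaclDHKeyPair) {
	// Mark this function as a test helper so that a key-generation
	// failure is reported at the line of the test that asked for the
	// keys, not at a line inside this helper.
	t.Helper()

	kp1, err := GenerateNaclDHKeyPair()
	if err != nil {
		t.Fatal(err)
	}

	kp2, err := GenerateNaclDHKeyPair()
	if err != nil {
		t.Fatal(err)
	}

	return kp1, kp2
}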
    31  
// boxSeal encrypts and authenticates msg with box.Seal, using privateKey
// as the local secret key and peersPublicKey as the other party's public
// key, and returns the resulting box.
//
// A nonce must never be reused for the same pair of keys. The tests in
// this file pass a constant nonce; that is tolerable only because every
// test asks makeKeyPairsOrBust for its own key pairs (presumably freshly
// generated -- confirm against GenerateNaclDHKeyPair). Do not copy the
// constant-nonce pattern into production code.
func boxSeal(msg []byte, nonce [24]byte, peersPublicKey NaclDHKeyPublic, privateKey *NaclDHKeyPrivate) []byte {
	// Both key types are converted to the *[32]byte form box.Seal takes.
	peer := (*[32]byte)(&peersPublicKey)
	own := (*[32]byte)(privateKey)

	// A nil destination makes box.Seal append to an empty slice, so the
	// returned box does not share storage with msg.
	return box.Seal(nil, msg, &nonce, peer, own)
}
    35  
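// boxOpen authenticates and decrypts encryptedData with box.Open, using
// privateKey as the local secret key and peersPublicKey as the other
// party's public key.
//
// It returns the plaintext and a nil error when box.Open reports success,
// and a nil slice together with DecryptionError{} otherwise.
func boxOpen(encryptedData []byte, nonce [24]byte, peersPublicKey NaclDHKeyPublic, privateKey *NaclDHKeyPrivate) ([]byte, error) {
	data, ok := box.Open(nil, encryptedData, &nonce, (*[32]byte)(&peersPublicKey), (*[32]byte)(privateKey))
	if !ok {
		// Drop whatever box.Open handed back: bytes that failed
		// authentication must never reach a caller, so the failure path
		// does not depend on what the library returns alongside false.
		return nil, DecryptionError{}
	}
	return data, nil
}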
    43  
// TestSealOpen checks that a sealed message opens to the original
// plaintext, both from the recipient's side and from the sender's side.
func TestSealOpen(t *testing.T) {
	recipient, sender := makeKeyPairsOrBust(t)

	want := []byte{0, 1, 2, 3, 4}
	nonce := [24]byte{5, 6, 7, 8}

	sealed := boxSeal(want, nonce, recipient.Public, sender.Private)

	// The first entry is the normal recipient view. The second is the
	// sender opening its own box: nacl/box derives the same shared key
	// from (sender private, recipient public) as from (recipient private,
	// sender public), so either party can open -- and equally could have
	// produced -- the box. A box therefore proves "one of the two key
	// holders wrote this", not which one.
	openers := []struct {
		peer NaclDHKeyPublic
		own  *NaclDHKeyPrivate
	}{
		{sender.Public, recipient.Private},
		{recipient.Public, sender.Private},
	}

	for _, o := range openers {
		got, err := boxOpen(sealed, nonce, o.peer, o.own)
		if err != nil {
			t.Fatal(err)
		}

		if !bytes.Equal(got, want) {
			t.Errorf("Expected %v, got %v", want, got)
		}
	}
}
    74  
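// TestOpenWrongKeyCombos checks that a box sealed with kp1.Public and
// kp2.Private cannot be opened with any wrong pairing of the four 32-byte
// values held by the two key pairs, including pairings in which a public
// key is used in the private-key slot and vice versa.
//
// Of the 16 possible (peer key, own key) pairings, two open the box
// (kp2.Public with kp1.Private, and kp1.Public with kp2.Private; see
// TestSealOpen). The remaining 14 are exercised here, each as a named
// subtest so that a failure identifies the offending pairing.
func TestOpenWrongKeyCombos(t *testing.T) {
	kp1, kp2 := makeKeyPairsOrBust(t)

	expectedData := []byte{0, 1, 2, 3, 4}
	nonce := [24]byte{5, 6, 7, 8}

	encryptedData := boxSeal(expectedData, nonce, kp1.Public, kp2.Private)

	// Role-swapped views of the same key bytes: public keys reinterpreted
	// as private keys and private keys reinterpreted as public keys.
	pub1AsPriv := (*NaclDHKeyPrivate)(&kp1.Public)
	pub2AsPriv := (*NaclDHKeyPrivate)(&kp2.Public)
	priv1AsPub := (NaclDHKeyPublic)(*kp1.Private)
	priv2AsPub := (NaclDHKeyPublic)(*kp2.Private)

	cases := []struct {
		name string
		peer NaclDHKeyPublic
		own  *NaclDHKeyPrivate
	}{
		{"peer=kp1.Public own=kp1.Public", kp1.Public, pub1AsPriv},
		{"peer=kp1.Public own=kp1.Private", kp1.Public, kp1.Private},
		{"peer=kp1.Public own=kp2.Public", kp1.Public, pub2AsPriv},

		{"peer=kp1.Private own=kp1.Public", priv1AsPub, pub1AsPriv},
		{"peer=kp1.Private own=kp1.Private", priv1AsPub, kp1.Private},
		{"peer=kp1.Private own=kp2.Public", priv1AsPub, pub2AsPriv},
		{"peer=kp1.Private own=kp2.Private", priv1AsPub, kp2.Private},

		{"peer=kp2.Public own=kp1.Public", kp2.Public, pub1AsPriv},
		{"peer=kp2.Public own=kp2.Public", kp2.Public, pub2AsPriv},
		{"peer=kp2.Public own=kp2.Private", kp2.Public, kp2.Private},

		{"peer=kp2.Private own=kp1.Public", priv2AsPub, pub1AsPriv},
		{"peer=kp2.Private own=kp1.Private", priv2AsPub, kp1.Private},
		{"peer=kp2.Private own=kp2.Public", priv2AsPub, pub2AsPriv},
		{"peer=kp2.Private own=kp2.Private", priv2AsPub, kp2.Private},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			data, err := boxOpen(encryptedData, nonce, tc.peer, tc.own)
			if err == nil {
				t.Errorf("Open unexpectedly worked: %v", data)
			}
		})
	}
}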
   160  
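// TestOpenWrongKeys checks that a box sealed with kp1.Public and
// kp2.Private cannot be opened when one of the two keys used for opening
// belongs to an unrelated key pair (kp3 or kp4).
//
// These are the pairings not already covered by TestOpenWrongKeyCombos.
// Each pairing runs as a named subtest so that a failure identifies which
// keys were involved.
func TestOpenWrongKeys(t *testing.T) {
	kp1, kp2 := makeKeyPairsOrBust(t)

	expectedData := []byte{0, 1, 2, 3, 4}
	nonce := [24]byte{5, 6, 7, 8}

	encryptedData := boxSeal(expectedData, nonce, kp1.Public, kp2.Private)

	// Two further key pairs that took no part in sealing.
	kp3, kp4 := makeKeyPairsOrBust(t)

	cases := []struct {
		name string
		peer NaclDHKeyPublic
		own  *NaclDHKeyPrivate
	}{
		// A legitimate public key combined with an unrelated private key.
		{"peer=kp1.Public own=kp3.Private", kp1.Public, kp3.Private},
		{"peer=kp1.Public own=kp4.Private", kp1.Public, kp4.Private},
		{"peer=kp2.Public own=kp3.Private", kp2.Public, kp3.Private},
		{"peer=kp2.Public own=kp4.Private", kp2.Public, kp4.Private},

		// An unrelated public key combined with a legitimate private key.
		{"peer=kp3.Public own=kp1.Private", kp3.Public, kp1.Private},
		{"peer=kp3.Public own=kp2.Private", kp3.Public, kp2.Private},
		{"peer=kp4.Public own=kp1.Private", kp4.Public, kp1.Private},
		{"peer=kp4.Public own=kp2.Private", kp4.Public, kp2.Private},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			data, err := boxOpen(encryptedData, nonce, tc.peer, tc.own)
			if err == nil {
				t.Errorf("Open unexpectedly worked: %v", data)
			}
		})
	}
}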
   218  
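// TestOpenCorruptMessage checks that a box which has been truncated,
// extended, or had a single byte altered is rejected by boxOpen.
//
// Every corruption is applied to its own copy of the sealed box. If the
// byte flips were applied cumulatively to one buffer, the flip at
// box.Overhead would be tested on a box whose first byte is already
// damaged, so that case would pass even if a change to that byte alone
// went undetected.
func TestOpenCorruptMessage(t *testing.T) {
	kp1, kp2 := makeKeyPairsOrBust(t)

	expectedData := []byte{0, 1, 2, 3, 4}
	nonce := [24]byte{5, 6, 7, 8}

	encryptedData := boxSeal(expectedData, nonce, kp1.Public, kp2.Private)

	// clone returns a private copy so that no case can disturb another
	// through a shared backing array.
	clone := func() []byte {
		return append([]byte(nil), encryptedData...)
	}

	// flipped returns a copy of the sealed box with every bit of the byte
	// at index i inverted.
	flipped := func(i int) []byte {
		c := clone()
		c[i] = ^c[i]
		return c
	}

	cases := []struct {
		name    string
		corrupt []byte
	}{
		{"last byte removed", encryptedData[:len(encryptedData)-1]},
		{"zero byte appended", append(clone(), 0)},
		// In golang.org/x/crypto's box format the first box.Overhead
		// bytes are the authenticator and the encrypted message follows,
		// so these two cases damage the authenticator and the encrypted
		// message respectively.
		{"byte 0 flipped", flipped(0)},
		{"byte at box.Overhead flipped", flipped(box.Overhead)},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			data, err := boxOpen(tc.corrupt, nonce, kp2.Public, kp1.Private)
			if err == nil {
				t.Errorf("Open unexpectedly worked: %v", data)
			}
		})
	}
}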
   255  
// TestOpenCorruptNonce checks that a box cannot be opened with a nonce
// that differs from the one it was sealed with, even when both keys are
// the right ones.
func TestOpenCorruptNonce(t *testing.T) {
	recipient, sender := makeKeyPairsOrBust(t)

	plaintext := []byte{0, 1, 2, 3, 4}
	nonce := [24]byte{5, 6, 7, 8}

	sealed := boxSeal(plaintext, nonce, recipient.Public, sender.Private)

	// boxSeal took the nonce by value, so the sealed box was made with
	// the original bytes; invert the first byte only for opening.
	wrongNonce := nonce
	wrongNonce[0] = ^wrongNonce[0]

	if data, err := boxOpen(sealed, wrongNonce, sender.Public, recipient.Private); err == nil {
		t.Errorf("Open unexpectedly worked: %v", data)
	}
}