github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/nacl_box_test.go (about) 1 // Copyright 2015 Keybase, Inc. All rights reserved. Use of 2 // this source code is governed by the included BSD license. 3 4 package libkb 5 6 import ( 7 "bytes" 8 "testing" 9 10 "golang.org/x/crypto/nacl/box" 11 ) 12 13 // Tests to make sure that the nacl/box functions behave as we expect 14 // them to. 15 16 // Convenience functions for testing. 17 18 func makeKeyPairsOrBust(t *testing.T) (NaclDHKeyPair, NaclDHKeyPair) { 19 kp1, err := GenerateNaclDHKeyPair() 20 if err != nil { 21 t.Fatal(err) 22 } 23 24 kp2, err := GenerateNaclDHKeyPair() 25 if err != nil { 26 t.Fatal(err) 27 } 28 29 return kp1, kp2 30 } 31 32 func boxSeal(msg []byte, nonce [24]byte, peersPublicKey NaclDHKeyPublic, privateKey *NaclDHKeyPrivate) []byte { 33 return box.Seal(nil, msg, &nonce, (*[32]byte)(&peersPublicKey), (*[32]byte)(privateKey)) 34 } 35 36 func boxOpen(encryptedData []byte, nonce [24]byte, peersPublicKey NaclDHKeyPublic, privateKey *NaclDHKeyPrivate) ([]byte, error) { 37 data, ok := box.Open(nil, encryptedData, &nonce, (*[32]byte)(&peersPublicKey), (*[32]byte)(privateKey)) 38 if ok { 39 return data, nil 40 } 41 return data, DecryptionError{} 42 } 43 44 // Test that sealing a message and then opening it works and returns 45 // the original message. 46 func TestSealOpen(t *testing.T) { 47 kp1, kp2 := makeKeyPairsOrBust(t) 48 49 expectedData := []byte{0, 1, 2, 3, 4} 50 nonce := [24]byte{5, 6, 7, 8} 51 52 encryptedData := boxSeal(expectedData, nonce, kp1.Public, kp2.Private) 53 54 data, err := boxOpen(encryptedData, nonce, kp2.Public, kp1.Private) 55 if err != nil { 56 t.Fatal(err) 57 } 58 59 if !bytes.Equal(data, expectedData) { 60 t.Errorf("Expected %v, got %v", expectedData, data) 61 } 62 63 // Apparently, you can open a message you yourself have sealed. 64 65 data, err = boxOpen(encryptedData, nonce, kp1.Public, kp2.Private) 66 if err != nil { 67 t.Fatal(err) 68 } 69 70 if !bytes.Equal(data, expectedData) { 71 t.Errorf("Expected %v, got %v", expectedData, data) 72 } 73 } 74 75 // Test that opening a message with the wrong key combinations won't 76 // work. 77 func TestOpenWrongKeyCombos(t *testing.T) { 78 kp1, kp2 := makeKeyPairsOrBust(t) 79 80 expectedData := []byte{0, 1, 2, 3, 4} 81 nonce := [24]byte{5, 6, 7, 8} 82 83 encryptedData := boxSeal(expectedData, nonce, kp1.Public, kp2.Private) 84 85 // Run through all possible invalid combinations. 86 87 var data []byte 88 var err error 89 90 data, err = boxOpen(encryptedData, nonce, kp1.Public, (*NaclDHKeyPrivate)(&kp1.Public)) 91 if err == nil { 92 t.Errorf("Open unexpectedly worked: %v", data) 93 } 94 95 data, err = boxOpen(encryptedData, nonce, kp1.Public, kp1.Private) 96 if err == nil { 97 t.Errorf("Open unexpectedly worked: %v", data) 98 } 99 100 data, err = boxOpen(encryptedData, nonce, kp1.Public, (*NaclDHKeyPrivate)(&kp2.Public)) 101 if err == nil { 102 t.Errorf("Open unexpectedly worked: %v", data) 103 } 104 105 data, err = boxOpen(encryptedData, nonce, (NaclDHKeyPublic)(*kp1.Private), (*NaclDHKeyPrivate)(&kp1.Public)) 106 if err == nil { 107 t.Errorf("Open unexpectedly worked: %v", data) 108 } 109 110 data, err = boxOpen(encryptedData, nonce, (NaclDHKeyPublic)(*kp1.Private), kp1.Private) 111 if err == nil { 112 t.Errorf("Open unexpectedly worked: %v", data) 113 } 114 115 data, err = boxOpen(encryptedData, nonce, (NaclDHKeyPublic)(*kp1.Private), (*NaclDHKeyPrivate)(&kp2.Public)) 116 if err == nil { 117 t.Errorf("Open unexpectedly worked: %v", data) 118 } 119 120 data, err = boxOpen(encryptedData, nonce, (NaclDHKeyPublic)(*kp1.Private), kp2.Private) 121 if err == nil { 122 t.Errorf("Open unexpectedly worked: %v", data) 123 } 124 125 data, err = boxOpen(encryptedData, nonce, kp2.Public, (*NaclDHKeyPrivate)(&kp1.Public)) 126 if err == nil { 127 t.Errorf("Open unexpectedly worked: %v", data) 128 } 129 130 data, err = boxOpen(encryptedData, nonce, kp2.Public, (*NaclDHKeyPrivate)(&kp2.Public)) 131 if err == nil { 132 t.Errorf("Open unexpectedly worked: %v", data) 133 } 134 135 data, err = boxOpen(encryptedData, nonce, kp2.Public, kp2.Private) 136 if err == nil { 137 t.Errorf("Open unexpectedly worked: %v", data) 138 } 139 140 data, err = boxOpen(encryptedData, nonce, (NaclDHKeyPublic)(*kp2.Private), (*NaclDHKeyPrivate)(&kp1.Public)) 141 if err == nil { 142 t.Errorf("Open unexpectedly worked: %v", data) 143 } 144 145 data, err = boxOpen(encryptedData, nonce, (NaclDHKeyPublic)(*kp2.Private), kp1.Private) 146 if err == nil { 147 t.Errorf("Open unexpectedly worked: %v", data) 148 } 149 150 data, err = boxOpen(encryptedData, nonce, (NaclDHKeyPublic)(*kp2.Private), (*NaclDHKeyPrivate)(&kp2.Public)) 151 if err == nil { 152 t.Errorf("Open unexpectedly worked: %v", data) 153 } 154 155 data, err = boxOpen(encryptedData, nonce, (NaclDHKeyPublic)(*kp2.Private), kp2.Private) 156 if err == nil { 157 t.Errorf("Open unexpectedly worked: %v", data) 158 } 159 } 160 161 // Test that opening a message with the wrong keys won't work. 162 func TestOpenWrongKeys(t *testing.T) { 163 kp1, kp2 := makeKeyPairsOrBust(t) 164 165 expectedData := []byte{0, 1, 2, 3, 4} 166 nonce := [24]byte{5, 6, 7, 8} 167 168 encryptedData := boxSeal(expectedData, nonce, kp1.Public, kp2.Private) 169 170 kp3, kp4 := makeKeyPairsOrBust(t) 171 172 // Run through all possible invalid combinations (not covered 173 // by TestOpenWrongKeyCombos). 174 175 var data []byte 176 var err error 177 178 data, err = boxOpen(encryptedData, nonce, kp1.Public, kp3.Private) 179 if err == nil { 180 t.Errorf("Open unexpectedly worked: %v", data) 181 } 182 183 data, err = boxOpen(encryptedData, nonce, kp1.Public, kp4.Private) 184 if err == nil { 185 t.Errorf("Open unexpectedly worked: %v", data) 186 } 187 188 data, err = boxOpen(encryptedData, nonce, kp2.Public, kp3.Private) 189 if err == nil { 190 t.Errorf("Open unexpectedly worked: %v", data) 191 } 192 193 data, err = boxOpen(encryptedData, nonce, kp2.Public, kp4.Private) 194 if err == nil { 195 t.Errorf("Open unexpectedly worked: %v", data) 196 } 197 198 data, err = boxOpen(encryptedData, nonce, kp3.Public, kp1.Private) 199 if err == nil { 200 t.Errorf("Open unexpectedly worked: %v", data) 201 } 202 203 data, err = boxOpen(encryptedData, nonce, kp3.Public, kp2.Private) 204 if err == nil { 205 t.Errorf("Open unexpectedly worked: %v", data) 206 } 207 208 data, err = boxOpen(encryptedData, nonce, kp4.Public, kp1.Private) 209 if err == nil { 210 t.Errorf("Open unexpectedly worked: %v", data) 211 } 212 213 data, err = boxOpen(encryptedData, nonce, kp4.Public, kp2.Private) 214 if err == nil { 215 t.Errorf("Open unexpectedly worked: %v", data) 216 } 217 } 218 219 // Test that opening a modified message doesn't work. 220 func TestOpenCorruptMessage(t *testing.T) { 221 kp1, kp2 := makeKeyPairsOrBust(t) 222 223 expectedData := []byte{0, 1, 2, 3, 4} 224 nonce := [24]byte{5, 6, 7, 8} 225 226 encryptedData := boxSeal(expectedData, nonce, kp1.Public, kp2.Private) 227 228 var data []byte 229 var err error 230 231 data, err = boxOpen(encryptedData[:len(encryptedData)-1], nonce, kp2.Public, kp1.Private) 232 if err == nil { 233 t.Errorf("Open unexpectedly worked: %v", data) 234 } 235 236 data, err = boxOpen(append(encryptedData, 0), nonce, kp2.Public, kp1.Private) 237 if err == nil { 238 t.Errorf("Open unexpectedly worked: %v", data) 239 } 240 241 encryptedData[0] = ^encryptedData[0] 242 243 data, err = boxOpen(encryptedData, nonce, kp2.Public, kp1.Private) 244 if err == nil { 245 t.Errorf("Open unexpectedly worked: %v", data) 246 } 247 248 encryptedData[box.Overhead] = ^encryptedData[box.Overhead] 249 250 data, err = boxOpen(encryptedData, nonce, kp2.Public, kp1.Private) 251 if err == nil { 252 t.Errorf("Open unexpectedly worked: %v", data) 253 } 254 } 255 256 // Test that opening a message with a modified nonce doesn't work. 257 func TestOpenCorruptNonce(t *testing.T) { 258 kp1, kp2 := makeKeyPairsOrBust(t) 259 260 expectedData := []byte{0, 1, 2, 3, 4} 261 nonce := [24]byte{5, 6, 7, 8} 262 263 encryptedData := boxSeal(expectedData, nonce, kp1.Public, kp2.Private) 264 265 var data []byte 266 var err error 267 268 nonce[0] = ^nonce[0] 269 270 data, err = boxOpen(encryptedData, nonce, kp2.Public, kp1.Private) 271 if err == nil { 272 t.Errorf("Open unexpectedly worked: %v", data) 273 } 274 }