github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/db/encryption/encryption_key_test.go

github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/atc/db/encryption/encryption_key_test.go (about)

     1  package encryption_test
     2  
     3  import (
     4  	"crypto/aes"
     5  	"crypto/cipher"
     6  
     7  	"github.com/pf-qiu/concourse/v6/atc/db/encryption"
     8  	. "github.com/onsi/ginkgo"
     9  	. "github.com/onsi/gomega"
    10  )
    11  
    12  var _ = Describe("Encryption Key", func() {
    13  	var (
    14  		key       *encryption.Key
    15  		plaintext []byte
    16  	)
    17  
    18  	BeforeEach(func() {
    19  		k := []byte("AES256Key-32Characters1234567890")
    20  
    21  		block, err := aes.NewCipher(k)
    22  		Expect(err).ToNot(HaveOccurred())
    23  
    24  		aesgcm, err := cipher.NewGCM(block)
    25  		Expect(err).ToNot(HaveOccurred())
    26  
    27  		key = encryption.NewKey(aesgcm)
    28  	})
    29  
    30  	Context("when the key is valid", func() {
    31  		It("encrypts and decrypts plaintext", func() {
    32  			plaintext = []byte("exampleplaintext")
    33  
    34  			By("encrypting the plaintext")
    35  			encryptedText, nonce, err := key.Encrypt(plaintext)
    36  			Expect(err).ToNot(HaveOccurred())
    37  			Expect(encryptedText).ToNot(BeEmpty())
    38  			Expect(encryptedText).ToNot(Equal(plaintext))
    39  
    40  			By("decrypting the encrypted text")
    41  			decryptedText, err := key.Decrypt(encryptedText, nonce)
    42  			Expect(err).ToNot(HaveOccurred())
    43  			Expect(decryptedText).To(Equal(plaintext))
    44  		})
    45  
    46  		Context("when encrypting empty text", func() {
    47  			It("does not error", func() {
    48  				By("encrypting the plaintext")
    49  				encryptedText, nonce, err := key.Encrypt(nil)
    50  				Expect(err).ToNot(HaveOccurred())
    51  
    52  				By("decrypting the encrypted text")
    53  				decryptedText, err := key.Decrypt(encryptedText, nonce)
    54  				Expect(err).ToNot(HaveOccurred())
    55  				Expect(decryptedText).To(BeNil())
    56  			})
    57  		})
    58  
    59  		Context("when the key to decrypt is invalid", func() {
    60  			It("throws an error", func() {
    61  				plaintext = []byte("exampleplaintext")
    62  
    63  				By("encrypting the plaintext")
    64  				encryptedText, nonce, err := key.Encrypt(plaintext)
    65  				Expect(err).ToNot(HaveOccurred())
    66  				Expect(encryptedText).ToNot(BeEmpty())
    67  				Expect(encryptedText).ToNot(Equal(plaintext))
    68  
    69  				By("decrypting the encrypted text with the wrong key")
    70  				k := []byte("AES256Key-32Characters9564567123")
    71  
    72  				block, err := aes.NewCipher(k)
    73  				Expect(err).ToNot(HaveOccurred())
    74  
    75  				aesgcm, err := cipher.NewGCM(block)
    76  				Expect(err).ToNot(HaveOccurred())
    77  
    78  				wrongKey := encryption.NewKey(aesgcm)
    79  
    80  				_, err = wrongKey.Decrypt(encryptedText, nonce)
    81  				Expect(err).To(HaveOccurred())
    82  			})
    83  		})
    84  	})
    85  })