github.com/zntrio/harp/v2@v2.0.9/pkg/sdk/value/encryption/transformer_test.go (about) 1 // Licensed to Elasticsearch B.V. under one or more contributor 2 // license agreements. See the NOTICE file distributed with 3 // this work for additional information regarding copyright 4 // ownership. Elasticsearch B.V. licenses this file to you under 5 // the Apache License, Version 2.0 (the "License"); you may 6 // not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, 12 // software distributed under the License is distributed on an 13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 // KIND, either express or implied. See the License for the 15 // specific language governing permissions and limitations 16 // under the License. 17 18 package encryption_test 19 20 import ( 21 "context" 22 "errors" 23 "reflect" 24 "testing" 25 26 "github.com/stretchr/testify/assert" 27 28 "github.com/zntrio/harp/v2/pkg/sdk/value" 29 "github.com/zntrio/harp/v2/pkg/sdk/value/encryption" 30 // Register encryption transformers. 31 _ "github.com/zntrio/harp/v2/pkg/sdk/value/encryption/aead" 32 _ "github.com/zntrio/harp/v2/pkg/sdk/value/encryption/age" 33 _ "github.com/zntrio/harp/v2/pkg/sdk/value/encryption/dae" 34 _ "github.com/zntrio/harp/v2/pkg/sdk/value/encryption/fernet" 35 _ "github.com/zntrio/harp/v2/pkg/sdk/value/encryption/jwe" 36 _ "github.com/zntrio/harp/v2/pkg/sdk/value/encryption/paseto" 37 _ "github.com/zntrio/harp/v2/pkg/sdk/value/encryption/secretbox" 38 "github.com/zntrio/harp/v2/pkg/sdk/value/mock" 39 ) 40 41 func TestFromKey(t *testing.T) { 42 type args struct { 43 keyValue string 44 } 45 tests := []struct { 46 name string 47 args args 48 want value.Transformer 49 wantErr bool 50 }{ 51 { 52 name: "blank", 53 args: args{ 54 keyValue: "", 55 }, 56 wantErr: true, 57 }, 58 { 59 name: "invalid aes-gcm", 60 args: args{ 61 keyValue: "aes-gcm:zQyPnNa-jlQsLW3Ypd87cX88ROMkdgnqv0a3y8", 62 }, 63 wantErr: true, 64 }, 65 { 66 name: "invalid secretbox", 67 args: args{ 68 keyValue: "secretbox:gCUODuqhcktiM1USKOfkwVlKhoUyHxXZm6d6", 69 }, 70 wantErr: true, 71 }, 72 { 73 name: "invalid fernet", 74 args: args{ 75 keyValue: "fernet:ZER8WwNyw5Dsd65bctxillSrRMX4ObaZsQjaNW1", 76 }, 77 wantErr: true, 78 }, 79 { 80 name: "aes-gcm", 81 args: args{ 82 keyValue: "aes-gcm:zQyPnNa-jlQsLW3Ypd87cX88ROMkdgnqv0a3y8LiISg=", 83 }, 84 wantErr: false, 85 }, 86 { 87 name: "dae-aes-gcm", 88 args: args{ 89 keyValue: "dae-aes-gcm:zQyPnNa-jlQsLW3Ypd87cX88ROMkdgnqv0a3y8LiISg=", 90 }, 91 wantErr: false, 92 }, 93 { 94 name: "dae-aes-gcm", 95 args: args{ 96 keyValue: "dae-aes-gcm:zQyPnNa-jlQsLW3Ypd87cX88ROMkdgnqv0a3y8LiISg=:jc32fV49Vi94NUYPnYR6ShInCD5rAiuMkkK2zb-Up4k=", 97 }, 98 wantErr: false, 99 }, 100 { 101 name: "secretbox", 102 args: args{ 103 keyValue: "secretbox:gCUODuqhcktiM1USKOfkwVlKhoUyHxXZm6d64nztCp0=", 104 }, 105 wantErr: false, 106 }, 107 { 108 name: "chacha", 109 args: args{ 110 keyValue: "chacha:gCUODuqhcktiM1USKOfkwVlKhoUyHxXZm6d64nztCp0=", 111 }, 112 wantErr: false, 113 }, 114 { 115 name: "dae-chacha", 116 args: args{ 117 keyValue: "dae-chacha:gCUODuqhcktiM1USKOfkwVlKhoUyHxXZm6d64nztCp0=", 118 }, 119 wantErr: false, 120 }, 121 { 122 name: "dae-chacha with salt", 123 args: args{ 124 keyValue: "dae-chacha:gCUODuqhcktiM1USKOfkwVlKhoUyHxXZm6d64nztCp0=:jc32fV49Vi94NUYPnYR6ShInCD5rAiuMkkK2zb-Up4k=", 125 }, 126 wantErr: false, 127 }, 128 { 129 name: "xchacha", 130 args: args{ 131 keyValue: "xchacha:VhfCXaD_QwwwoPCjLJx6vgnaSo0sMPjdCmT0RUUQjBQ=", 132 }, 133 wantErr: false, 134 }, 135 { 136 name: "dae-xchacha", 137 args: args{ 138 keyValue: "dae-xchacha:VhfCXaD_QwwwoPCjLJx6vgnaSo0sMPjdCmT0RUUQjBQ=", 139 }, 140 wantErr: false, 141 }, 142 { 143 name: "dae-xchacha with salt", 144 args: args{ 145 keyValue: "dae-xchacha:VhfCXaD_QwwwoPCjLJx6vgnaSo0sMPjdCmT0RUUQjBQ=:jc32fV49Vi94NUYPnYR6ShInCD5rAiuMkkK2zb-Up4k=", 146 }, 147 wantErr: false, 148 }, 149 { 150 name: "fernet", 151 args: args{ 152 keyValue: "fernet:ZER8WwNyw5Dsd65bctxillSrRMX4ObaZsQjaNW1nBBI=", 153 }, 154 wantErr: false, 155 }, 156 { 157 name: "aes-siv", 158 args: args{ 159 keyValue: "aes-siv:2XEKpPbE8T0ghLj8Wr9v6stV0YrUCNSoSbtc69Kh-n7-pVaKmWZ8LSvaJOK9BJHqDWE8vyNSzyNpcTYv3-J9lw==", 160 }, 161 wantErr: false, 162 }, 163 { 164 name: "dae-aes-siv", 165 args: args{ 166 keyValue: "dae-aes-siv:2XEKpPbE8T0ghLj8Wr9v6stV0YrUCNSoSbtc69Kh-n7-pVaKmWZ8LSvaJOK9BJHqDWE8vyNSzyNpcTYv3-J9lw==", 167 }, 168 wantErr: false, 169 }, 170 { 171 name: "dae-aes-siv with salt", 172 args: args{ 173 keyValue: "dae-aes-siv:2XEKpPbE8T0ghLj8Wr9v6stV0YrUCNSoSbtc69Kh-n7-pVaKmWZ8LSvaJOK9BJHqDWE8vyNSzyNpcTYv3-J9lw==:jc32fV49Vi94NUYPnYR6ShInCD5rAiuMkkK2zb-Up4k=", 174 }, 175 wantErr: false, 176 }, 177 { 178 name: "aes-pmac-siv", 179 args: args{ 180 keyValue: "aes-pmac-siv:Brfled4G7okhpCb6T2HMWKgDo1vyqrEdWWVIXfcFUysHaOacXkER5z9GHRuz89scK2TSE962nAFUcScAkihP9w==", 181 }, 182 wantErr: false, 183 }, 184 { 185 name: "dae-aes-pmac-siv", 186 args: args{ 187 keyValue: "dae-aes-pmac-siv:Brfled4G7okhpCb6T2HMWKgDo1vyqrEdWWVIXfcFUysHaOacXkER5z9GHRuz89scK2TSE962nAFUcScAkihP9w==", 188 }, 189 wantErr: false, 190 }, 191 { 192 name: "dae-aes-pmac-siv with salt", 193 args: args{ 194 keyValue: "dae-aes-pmac-siv:Brfled4G7okhpCb6T2HMWKgDo1vyqrEdWWVIXfcFUysHaOacXkER5z9GHRuz89scK2TSE962nAFUcScAkihP9w==:jc32fV49Vi94NUYPnYR6ShInCD5rAiuMkkK2zb-Up4k=", 195 }, 196 wantErr: false, 197 }, 198 { 199 name: "jwe", 200 args: args{ 201 keyValue: "jwe:a256kw:ZER8WwNyw5Dsd65bctxillSrRMX4ObaZsQjaNW1nBBI=", 202 }, 203 wantErr: false, 204 }, 205 { 206 name: "paseto", 207 args: args{ 208 keyValue: "paseto:kP1yHnBcOhjowNFXSCyycSuXdUqTlbuE6ES5tTp-I_o=", 209 }, 210 wantErr: false, 211 }, 212 /*{ 213 name: "age-recipients", 214 args: args{ 215 keyValue: "age-recipients:age1ce20pmz8z0ue97v7rz838v6pcpvzqan30lr40tjlzy40ez8eldrqf2zuxe", 216 }, 217 wantErr: false, 218 }, 219 { 220 name: "age-identity", 221 args: args{ 222 keyValue: "age-identity:AGE-SECRET-KEY-1W8E69DQEVASNK68FX7C6QLD99KTG96RHWW0EZ3RD0L29AHV4S84QHUAP4C", 223 }, 224 wantErr: false, 225 },*/ 226 } 227 for _, tt := range tests { 228 t.Run(tt.name, func(t *testing.T) { 229 got, err := encryption.FromKey(tt.args.keyValue) 230 if (err != nil) != tt.wantErr { 231 t.Errorf("FromKey() error = %v, wantErr %v", err, tt.wantErr) 232 return 233 } 234 if got == nil { 235 return 236 } 237 238 // Ensure not panic 239 assert.NotPanics(t, func() { 240 encryption.Must(got, err) 241 }) 242 243 // Encrypt 244 msg := []byte("msg") 245 encrypted, err := got.To(context.Background(), msg) 246 if err != nil { 247 t.Errorf("To() error = %v, wantErr %v", err, tt.wantErr) 248 return 249 } 250 251 // Decrypt 252 decrypted, err := got.From(context.Background(), encrypted) 253 if err != nil { 254 t.Errorf("From() error = %v, wantErr %v", err, tt.wantErr) 255 return 256 } 257 258 // Check identity 259 if !reflect.DeepEqual(msg, decrypted) { 260 t.Errorf("expectd: %v, got: %v", msg, decrypted) 261 return 262 } 263 }) 264 } 265 } 266 267 func TestMust(t *testing.T) { 268 assert.Panics(t, func() { 269 encryption.Must(mock.Transformer(nil), errors.New("test")) 270 }) 271 272 assert.Panics(t, func() { 273 encryption.Must(nil, nil) 274 }) 275 }