1
2
3
4
5 package packet
6
7 import (
8 "bytes"
9 "crypto/rand"
10 "encoding/hex"
11 "io"
12 "io/ioutil"
13 mathrand "math/rand"
14 "testing"
15
16 "github.com/ProtonMail/go-crypto/openpgp/s2k"
17 )
18
19 const maxPassLen = 64
20
21
22 func TestDecryptSymmetricKeyAndEncryptedDataPacket(t *testing.T) {
23 for _, testCase := range keyAndIpePackets {
24
25 buf := readerFromHex(testCase.packets)
26 packet, err := Read(buf)
27 if err != nil {
28 t.Fatalf("failed to read SymmetricKeyEncrypted: %s", err)
29 }
30 ske, ok := packet.(*SymmetricKeyEncrypted)
31 if !ok {
32 t.Fatal("didn't find SymmetricKeyEncrypted packet")
33 }
34
35 key, cipherFunc, err := ske.Decrypt([]byte(testCase.password))
36 if err != nil {
37 t.Fatal(err)
38 }
39 packet, err = Read(buf)
40 if err != nil {
41 t.Fatalf("failed to read SymmetricallyEncrypted: %s", err)
42 }
43
44 var edp EncryptedDataPacket
45 switch packet.(type) {
46 case *SymmetricallyEncrypted:
47 edp, _ = packet.(*SymmetricallyEncrypted)
48 case *AEADEncrypted:
49 edp, _ = packet.(*AEADEncrypted)
50 default:
51 t.Fatal("no integrity protected packet")
52 }
53 r, err := edp.Decrypt(cipherFunc, key)
54 if err != nil {
55 t.Fatal(err)
56 }
57
58 contents, err := ioutil.ReadAll(r)
59 if err != nil && err != io.EOF && err != io.ErrUnexpectedEOF {
60 t.Fatal(err)
61 }
62
63 expectedContents, _ := hex.DecodeString(testCase.contents)
64 if !bytes.Equal(expectedContents, contents) {
65 t.Errorf("bad contents got:%x want:%x", contents, expectedContents)
66 }
67 }
68 }
69
70 func TestSerializeSymmetricKeyEncryptedV5RandomizeSlow(t *testing.T) {
71 ciphers := map[string]CipherFunction{
72 "AES128": CipherAES128,
73 "AES192": CipherAES192,
74 "AES256": CipherAES256,
75 }
76
77 modes := map[string]AEADMode{
78 "EAX": AEADModeEAX,
79 "OCB": AEADModeOCB,
80 "GCM": AEADModeGCM,
81 }
82
83 modesS2K := map[string]s2k.Mode{
84 "Salted": s2k.SaltedS2K,
85 "Iterated": s2k.IteratedSaltedS2K,
86 "Argon2": s2k.Argon2S2K,
87 }
88
89 for cipherName, cipher := range ciphers {
90 t.Run(cipherName, func(t *testing.T) {
91 for modeName, mode := range modes {
92 t.Run(modeName, func(t *testing.T) {
93 for s2kName, s2ktype := range modesS2K {
94 t.Run(s2kName, func(t *testing.T) {
95 var buf bytes.Buffer
96 passphrase := randomKey(mathrand.Intn(maxPassLen))
97
98 config := &Config{
99 DefaultCipher: cipher,
100 AEADConfig: &AEADConfig{DefaultMode: mode},
101 S2KConfig: &s2k.Config{S2KMode: s2ktype, PassphraseIsHighEntropy: true},
102 }
103
104 key, err := SerializeSymmetricKeyEncrypted(&buf, passphrase, config)
105 p, err := Read(&buf)
106 if err != nil {
107 t.Errorf("failed to reparse %s", err)
108 }
109 ske, ok := p.(*SymmetricKeyEncrypted)
110 if !ok {
111 t.Errorf("parsed a different packet type: %#v", p)
112 }
113
114 parsedKey, _, err := ske.Decrypt(passphrase)
115 if err != nil {
116 t.Errorf("failed to decrypt reparsed SKE: %s", err)
117 }
118 if !bytes.Equal(key, parsedKey) {
119 t.Errorf("keys don't match after Decrypt: %x (original) vs %x (parsed)", key, parsedKey)
120 }
121 })
122 }
123 })
124 }
125 })
126 }
127 }
128
129 func TestSerializeSymmetricKeyEncryptedCiphersV4(t *testing.T) {
130 tests := map[string]CipherFunction{
131 "AES128": CipherAES128,
132 "AES192": CipherAES192,
133 "AES256": CipherAES256,
134 }
135
136 testS2K := map[string]s2k.Mode{
137 "Salted": s2k.SaltedS2K,
138 "Iterated": s2k.IteratedSaltedS2K,
139 "Argon2": s2k.Argon2S2K,
140 }
141
142 for cipherName, cipher := range tests {
143 t.Run(cipherName, func(t *testing.T) {
144 for s2kName, s2ktype := range testS2K {
145 t.Run(s2kName, func(t *testing.T) {
146 var buf bytes.Buffer
147 passphrase := make([]byte, mathrand.Intn(maxPassLen))
148 if _, err := rand.Read(passphrase); err != nil {
149 panic(err)
150 }
151 config := &Config{
152 DefaultCipher: cipher,
153 S2KConfig: &s2k.Config{
154 S2KMode: s2ktype,
155 PassphraseIsHighEntropy: true,
156 },
157 }
158
159 key, err := SerializeSymmetricKeyEncrypted(&buf, passphrase, config)
160 if err != nil {
161 t.Fatalf("failed to serialize: %s", err)
162 }
163
164 p, err := Read(&buf)
165 if err != nil {
166 t.Fatalf("failed to reparse: %s", err)
167 }
168
169 ske, ok := p.(*SymmetricKeyEncrypted)
170 if !ok {
171 t.Fatalf("parsed a different packet type: %#v", p)
172 }
173
174 if ske.CipherFunc != config.DefaultCipher {
175 t.Fatalf("SKE cipher function is %d (expected %d)", ske.CipherFunc, config.DefaultCipher)
176 }
177 parsedKey, parsedCipherFunc, err := ske.Decrypt(passphrase)
178 if err != nil {
179 t.Fatalf("failed to decrypt reparsed SKE: %s", err)
180 }
181 if !bytes.Equal(key, parsedKey) {
182 t.Fatalf("keys don't match after Decrypt: %x (original) vs %x (parsed)", key, parsedKey)
183 }
184 if parsedCipherFunc != cipher {
185 t.Fatalf("cipher function doesn't match after Decrypt: %d (original) vs %d (parsed)",
186 cipher, parsedCipherFunc)
187 }
188 })
189 }
190 })
191 }
192 }
193
View as plain text