1 package encrypted
2
3 import (
4 "encoding/json"
5 "strings"
6 "testing"
7
8 . "gopkg.in/check.v1"
9 )
10
// kdfVectors holds one pre-computed encrypted envelope per KDF strength.
// Each envelope was produced with the passphrase and plaintext used throughout
// this file, so decrypting it checks that blobs written at that strength stay
// readable. All three use scrypt with r=8 and p=1; only the cost N differs.
var kdfVectors = map[KDFParameterStrength][]byte{
	// N = 32768
	Legacy: []byte(`{"kdf":{"name":"scrypt","params":{"N":32768,"r":8,"p":1},"salt":"WO3mVvyTwJ9vwT5/Tk5OW5WPIBUofMjcpEfrLnfY4uA="},"cipher":{"name":"nacl/secretbox","nonce":"tCy7HcTFr4uxv4Nrg/DWmncuZ148U1MX"},"ciphertext":"08n43p5G5yviPEZpO7tPPF4aZQkWiWjkv4taFdhDBA0tamKH4nw="}`),
	// N = 65536
	Standard: []byte(`{"kdf":{"name":"scrypt","params":{"N":65536,"r":8,"p":1},"salt":"FhzPOt9/bJG4PTq6lQ6ecG6GzaOuOy/ynG5+yRiFlNs="},"cipher":{"name":"nacl/secretbox","nonce":"aw1ng1jHaDz/tQ7V2gR9O2+IGQ8xJEuE"},"ciphertext":"HycvuLZL4sYH0BrYTh4E/H20VtAW6u5zL5Pr+IBjYLYnCPzDkq8="}`),
	// N = 131072
	OWASP: []byte(`{"kdf":{"name":"scrypt","params":{"N":131072,"r":8,"p":1},"salt":"m38E3kouJTtiheLQN22NQ8DTito5hrjpUIskqcd375k="},"cipher":{"name":"nacl/secretbox","nonce":"Y6PM13yA+o44pE/W1ZBwczeGnTV/m9Zc"},"ciphertext":"6H8sqj1K6B6yDjtH5AQ6lbFigg/C2yDDJc4rYJ79w9aVPImFIPI="}`),
}
18
19
// Test is the single "go test" entry point; it hands control to gocheck,
// which runs every suite registered through Suite.
func Test(t *testing.T) {
	TestingT(t)
}
21
// EncryptedSuite carries the gocheck tests for this package. It has no state.
type EncryptedSuite struct{}

// Register the suite so that TestingT picks up its Test* methods.
var _ = Suite(new(EncryptedSuite))

// plaintext is the fixed message every test encrypts or expects back.
// The pre-computed envelopes in this file all decrypt to it.
var plaintext = []byte("reallyimportant")
27
// TestRoundtrip encrypts the fixture and checks both outcomes of Decrypt:
// the right passphrase returns the plaintext, and a passphrase that differs in
// one byte returns an error and no data.
func (EncryptedSuite) TestRoundtrip(c *C) {
	secret := []byte("supersecret")

	sealed, encErr := Encrypt(plaintext, secret)
	c.Assert(encErr, IsNil)

	// Correct passphrase: the original message comes back unchanged.
	opened, decErr := Decrypt(sealed, secret)
	c.Assert(decErr, IsNil)
	c.Assert(opened, DeepEquals, plaintext)

	// Wrong passphrase: overwrite the first byte and decrypt again. The call
	// must fail and must hand back nil rather than any partial output.
	secret[0] = 0
	opened, decErr = Decrypt(sealed, secret)
	c.Assert(decErr, NotNil)
	c.Assert(opened, IsNil)
}
45
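// TestTamperedRoundtrip checks that Decrypt refuses an envelope whose
// ciphertext was modified after encryption, even when the passphrase is
// correct. This is the integrity half of the contract: a stored blob that has
// been altered must produce an error and no plaintext.
func (EncryptedSuite) TestTamperedRoundtrip(c *C) {
	passphrase := []byte("supersecret")

	enc, err := Encrypt(plaintext, passphrase)
	c.Assert(err, IsNil)

	// Decode into a local whose name does not shadow the package's data type.
	envelope := &data{}
	err = json.Unmarshal(enc, envelope)
	c.Assert(err, IsNil)

	// Fail with a clear assertion, not an index panic, if the envelope
	// unexpectedly carries no ciphertext.
	c.Assert(len(envelope.Ciphertext) > 0, Equals, true)

	// Invert every bit of the first ciphertext byte.
	envelope.Ciphertext[0] = ^envelope.Ciphertext[0]

	// Check the re-encoding error: if Marshal failed silently, Decrypt would be
	// rejecting an empty input and the test would pass without exercising the
	// tamper check at all.
	enc, err = json.Marshal(envelope)
	c.Assert(err, IsNil)

	dec, err := Decrypt(enc, passphrase)
	c.Assert(err, NotNil)
	c.Assert(dec, IsNil)
}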
64
// TestDecrypt decrypts a fixed, pre-computed envelope (scrypt N=32768, r=8,
// p=1, nacl/secretbox) instead of one produced in the same run. It fails if a
// change to the format or the key derivation makes previously written blobs
// unreadable.
func (EncryptedSuite) TestDecrypt(c *C) {
	secret := []byte("supersecret")
	stored := []byte(`{"kdf":{"name":"scrypt","params":{"N":32768,"r":8,"p":1},"salt":"N9a7x5JFGbrtB2uBR81jPwp0eiLR4A7FV3mjVAQrg1g="},"cipher":{"name":"nacl/secretbox","nonce":"2h8HxMmgRfuYdpswZBQaU3xJ1nkA/5Ik"},"ciphertext":"SEW6sUh0jf2wfdjJGPNS9+bkk2uB+Cxamf32zR8XkQ=="}`)

	opened, decErr := Decrypt(stored, secret)
	c.Assert(decErr, IsNil)
	c.Assert(opened, DeepEquals, plaintext)
}
73
// TestMarshalUnmarshal round-trips the fixture through the Marshal/Unmarshal
// pair with the default KDF settings and expects the same bytes back.
func (EncryptedSuite) TestMarshalUnmarshal(c *C) {
	secret := []byte("supersecret")

	sealed, marshalErr := Marshal(plaintext, secret)
	c.Assert(marshalErr, IsNil)
	c.Assert(sealed, NotNil)

	var recovered []byte
	unmarshalErr := Unmarshal(sealed, &recovered, secret)
	c.Assert(unmarshalErr, IsNil)
	c.Assert(recovered, DeepEquals, plaintext)
}
86
// TestInvalidKDFSettings passes 0 as the KDF strength, which is none of the
// named levels used elsewhere in this file, and expects encryption to succeed
// anyway and the result to decrypt normally.
//
// NOTE(review): the test shows that an unrecognised strength is not an error,
// but it never inspects which scrypt parameters ended up in the envelope. If
// the intent is a fallback to a safe default, asserting the emitted "params"
// here would keep a future change from silently weakening that fallback.
func (EncryptedSuite) TestInvalidKDFSettings(c *C) {
	secret := []byte("supersecret")

	sealed, marshalErr := MarshalWithCustomKDFParameters(plaintext, secret, 0)
	c.Assert(marshalErr, IsNil)
	c.Assert(sealed, NotNil)

	var recovered []byte
	unmarshalErr := Unmarshal(sealed, &recovered, secret)
	c.Assert(unmarshalErr, IsNil)
	c.Assert(recovered, DeepEquals, plaintext)
}
99
// TestLegacyKDFSettings encrypts with the Legacy strength and checks that the
// result decrypts to the fixture through the ordinary Unmarshal path.
func (EncryptedSuite) TestLegacyKDFSettings(c *C) {
	secret := []byte("supersecret")

	sealed, marshalErr := MarshalWithCustomKDFParameters(plaintext, secret, Legacy)
	c.Assert(marshalErr, IsNil)
	c.Assert(sealed, NotNil)

	// Unmarshal takes no strength argument; it has to work from the envelope.
	var recovered []byte
	unmarshalErr := Unmarshal(sealed, &recovered, secret)
	c.Assert(unmarshalErr, IsNil)
	c.Assert(recovered, DeepEquals, plaintext)
}
112
// TestStandardKDFSettings encrypts with the Standard strength and checks that
// the result decrypts to the fixture through the ordinary Unmarshal path.
func (EncryptedSuite) TestStandardKDFSettings(c *C) {
	secret := []byte("supersecret")

	sealed, marshalErr := MarshalWithCustomKDFParameters(plaintext, secret, Standard)
	c.Assert(marshalErr, IsNil)
	c.Assert(sealed, NotNil)

	// Unmarshal takes no strength argument; it has to work from the envelope.
	var recovered []byte
	unmarshalErr := Unmarshal(sealed, &recovered, secret)
	c.Assert(unmarshalErr, IsNil)
	c.Assert(recovered, DeepEquals, plaintext)
}
125
// TestOWASPKDFSettings encrypts with the OWASP strength and checks that the
// result decrypts to the fixture through the ordinary Unmarshal path.
func (EncryptedSuite) TestOWASPKDFSettings(c *C) {
	secret := []byte("supersecret")

	sealed, marshalErr := MarshalWithCustomKDFParameters(plaintext, secret, OWASP)
	c.Assert(marshalErr, IsNil)
	c.Assert(sealed, NotNil)

	// Unmarshal takes no strength argument; it has to work from the envelope.
	var recovered []byte
	unmarshalErr := Unmarshal(sealed, &recovered, secret)
	c.Assert(unmarshalErr, IsNil)
	c.Assert(recovered, DeepEquals, plaintext)
}
138
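// TestKDFSettingVectors decrypts every pre-computed envelope in kdfVectors and
// expects the fixture back. Unlike the per-strength round-trip tests, these
// blobs were not produced in the current run, so the test fails if a supported
// parameter set stops being accepted on the decrypt side.
func (EncryptedSuite) TestKDFSettingVectors(c *C) {
	passphrase := []byte("supersecret")

	for level, v := range kdfVectors {
		// Map iteration order is random, so attach the strength to each
		// assertion; otherwise a failure would not say which vector broke.
		vector := Commentf("KDF strength %v", level)

		var protected []byte
		err := Unmarshal(v, &protected, passphrase)
		c.Assert(err, IsNil, vector)
		c.Assert(protected, DeepEquals, plaintext, vector)
	}
}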
149
// TestUnsupportedKDFParameters feeds Decrypt an envelope whose scrypt
// parameters (N=99, r=99, p=99) match none of the vectors in this file. The
// parameters travel inside the blob being decrypted, so they are only as
// trustworthy as the blob itself; Decrypt is expected to reject the envelope
// with an "unsupported scrypt parameters" error and return no data.
//
// NOTE(review): only this one unsupported tuple is covered. The test does not
// show how other out-of-range values are handled.
func (EncryptedSuite) TestUnsupportedKDFParameters(c *C) {
	const wantFragment = "unsupported scrypt parameters"

	secret := []byte("supersecret")
	stored := []byte(`{"kdf":{"name":"scrypt","params":{"N":99,"r":99,"p":99},"salt":"cZFcQJdwPhPyhU1R4qkl0qVOIjZd4V/7LYYAavq166k="},"cipher":{"name":"nacl/secretbox","nonce":"7vhRS7j0hEPBWV05skAdgLj81AkGeE7U"},"ciphertext":"6WYU/YSXVbYzl/NzaeAzmjLyfFhOOjLc0d8/GFV0aBFdJvyCcXc="}`)

	opened, decErr := Decrypt(stored, secret)
	c.Assert(decErr, NotNil)
	c.Assert(opened, IsNil)

	// The failure has to be the parameter check, not some later decoding or
	// authentication error.
	mentionsParams := strings.Contains(decErr.Error(), wantFragment)
	c.Assert(mentionsParams, Equals, true)
}
159