tendermint/keys/cryptostore/encoder_test.go

package cryptostore_test

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	cmn "github.com/tendermint/tmlibs/common"

	"github.com/tendermint/go-crypto/keys/cryptostore"
)

func TestNoopEncoder(t *testing.T) {
	assert, require := assert.New(t), require.New(t)
	noop := cryptostore.Noop

	key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
	key2 := cryptostore.GenSecp256k1.Generate(cmn.RandBytes(16))

	_, b, err := noop.Encrypt(key, "encode")
	require.Nil(err)
	assert.NotEmpty(b)

	_, b2, err := noop.Encrypt(key2, "encode")
	require.Nil(err)
	assert.NotEmpty(b2)
	assert.NotEqual(b, b2)

	// note the decode with a different password works - not secure!
	pk, err := noop.Decrypt(nil, b, "decode")
	require.Nil(err)
	require.NotNil(pk)
	assert.Equal(key, pk)

	pk2, err := noop.Decrypt(nil, b2, "kggugougp")
	require.Nil(err)
	require.NotNil(pk2)
	assert.Equal(key2, pk2)
}

func TestSecretBox(t *testing.T) {
	assert, require := assert.New(t), require.New(t)
	enc := cryptostore.SecretBox

	key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
	pass := "some-special-secret"

	s, b, err := enc.Encrypt(key, pass)
	require.Nil(err)
	assert.NotEmpty(b)

	// decoding with a different pass is an error
	pk, err := enc.Decrypt(s, b, "decode")
	require.NotNil(err)
	require.True(pk.Empty())

	// but decoding with the same passphrase gets us our key
	pk, err = enc.Decrypt(s, b, pass)
	require.Nil(err)
	assert.Equal(key, pk)
}

func TestSecretBoxNoPass(t *testing.T) {
	assert, require := assert.New(t), require.New(t)
	enc := cryptostore.SecretBox

	key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))

	cases := []struct {
		encode string
		decode string
		valid  bool
	}{
		{"foo", "foo", true},
		{"foo", "food", false},
		{"", "", true},
		{"", "a", false},
		{"a", "", false},
	}

	for i, tc := range cases {
		s, b, err := enc.Encrypt(key, tc.encode)
		require.Nil(err, "%d: %+v", i, err)
		assert.NotEmpty(b, "%d", i)

		pk, err := enc.Decrypt(s, b, tc.decode)
		if tc.valid {
			require.Nil(err, "%d: %+v", i, err)
			assert.Equal(key, pk, "%d", i)
		} else {
			require.NotNil(err, "%d", i)
		}
	}

	// now let's make sure raw bytes also work...
	b := key.Bytes()
	pk, err := enc.Decrypt(nil, b, "")
	require.Nil(err, "%+v", err)
	assert.Equal(key, pk)
}