|
|
- package cryptostore_test
-
- import (
- "testing"
-
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-
- cmn "github.com/tendermint/tmlibs/common"
-
- "github.com/tendermint/go-crypto/keys/cryptostore"
- )
-
- func TestNoopEncoder(t *testing.T) {
- assert, require := assert.New(t), require.New(t)
- noop := cryptostore.Noop
-
- key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
- key2 := cryptostore.GenSecp256k1.Generate(cmn.RandBytes(16))
-
- b, err := noop.Encrypt(key, "encode")
- require.Nil(err)
- assert.NotEmpty(b)
-
- b2, err := noop.Encrypt(key2, "encode")
- require.Nil(err)
- assert.NotEmpty(b2)
- assert.NotEqual(b, b2)
-
- // note the decode with a different password works - not secure!
- pk, err := noop.Decrypt(b, "decode")
- require.Nil(err)
- require.NotNil(pk)
- assert.Equal(key, pk)
-
- pk2, err := noop.Decrypt(b2, "kggugougp")
- require.Nil(err)
- require.NotNil(pk2)
- assert.Equal(key2, pk2)
- }
-
- func TestSecretBox(t *testing.T) {
- assert, require := assert.New(t), require.New(t)
- enc := cryptostore.SecretBox
-
- key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
- pass := "some-special-secret"
-
- b, err := enc.Encrypt(key, pass)
- require.Nil(err)
- assert.NotEmpty(b)
-
- // decoding with a different pass is an error
- pk, err := enc.Decrypt(b, "decode")
- require.NotNil(err)
- require.True(pk.Empty())
-
- // but decoding with the same passphrase gets us our key
- pk, err = enc.Decrypt(b, pass)
- require.Nil(err)
- assert.Equal(key, pk)
- }
-
- func TestSecretBoxNoPass(t *testing.T) {
- assert, require := assert.New(t), require.New(t)
- enc := cryptostore.SecretBox
-
- key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
-
- cases := []struct {
- encode string
- decode string
- valid bool
- }{
- {"foo", "foo", true},
- {"foo", "food", false},
- {"", "", true},
- {"", "a", false},
- {"a", "", false},
- }
-
- for i, tc := range cases {
- b, err := enc.Encrypt(key, tc.encode)
- require.Nil(err, "%d: %+v", i, err)
- assert.NotEmpty(b, "%d", i)
-
- pk, err := enc.Decrypt(b, tc.decode)
- if tc.valid {
- require.Nil(err, "%d: %+v", i, err)
- assert.Equal(key, pk, "%d", i)
- } else {
- require.NotNil(err, "%d", i)
- }
- }
-
- // now let's make sure raw bytes also work...
- b := key.Bytes()
- pk, err := enc.Decrypt(b, "")
- require.Nil(err, "%+v", err)
- assert.Equal(key, pk)
- }
|