|
@ -84,65 +84,69 @@ func TestKeyManagement(t *testing.T) { |
|
|
|
|
|
|
|
|
// TestSignVerify does some detailed checks on how we sign and validate
|
|
|
// TestSignVerify does some detailed checks on how we sign and validate
|
|
|
// signatures
|
|
|
// signatures
|
|
|
// func TestSignVerify(t *testing.T) {
|
|
|
|
|
|
// assert, require := assert.New(t), require.New(t)
|
|
|
|
|
|
|
|
|
func TestSignVerify(t *testing.T) { |
|
|
|
|
|
assert, require := assert.New(t), require.New(t) |
|
|
|
|
|
|
|
|
// // make the storage with reasonable defaults
|
|
|
|
|
|
// cstore := cryptostore.New(
|
|
|
|
|
|
// cryptostore.GenSecp256k1,
|
|
|
|
|
|
// cryptostore.SecretBox,
|
|
|
|
|
|
// memstorage.New(),
|
|
|
|
|
|
// )
|
|
|
|
|
|
|
|
|
// make the storage with reasonable defaults
|
|
|
|
|
|
cstore := cryptostore.New( |
|
|
|
|
|
cryptostore.SecretBox, |
|
|
|
|
|
memstorage.New(), |
|
|
|
|
|
keys.MustLoadCodec("english"), |
|
|
|
|
|
) |
|
|
|
|
|
algo := crypto.NameSecp256k1 |
|
|
|
|
|
|
|
|
// n1, n2 := "some dude", "a dudette"
|
|
|
|
|
|
// p1, p2 := "1234", "foobar"
|
|
|
|
|
|
|
|
|
|
|
|
// // create two users and get their info
|
|
|
|
|
|
// err := cstore.Create(n1, p1)
|
|
|
|
|
|
// require.Nil(err)
|
|
|
|
|
|
// i1, err := cstore.Get(n1)
|
|
|
|
|
|
// require.Nil(err)
|
|
|
|
|
|
|
|
|
|
|
|
// err = cstore.Create(n2, p2)
|
|
|
|
|
|
// require.Nil(err)
|
|
|
|
|
|
// i2, err := cstore.Get(n2)
|
|
|
|
|
|
// require.Nil(err)
|
|
|
|
|
|
|
|
|
|
|
|
// // let's try to sign some messages
|
|
|
|
|
|
// d1 := []byte("my first message")
|
|
|
|
|
|
// d2 := []byte("some other important info!")
|
|
|
|
|
|
|
|
|
|
|
|
// // try signing both data with both keys...
|
|
|
|
|
|
// s11, err := cstore.Signature(n1, p1, d1)
|
|
|
|
|
|
// require.Nil(err)
|
|
|
|
|
|
// s12, err := cstore.Signature(n1, p1, d2)
|
|
|
|
|
|
// require.Nil(err)
|
|
|
|
|
|
// s21, err := cstore.Signature(n2, p2, d1)
|
|
|
|
|
|
// require.Nil(err)
|
|
|
|
|
|
// s22, err := cstore.Signature(n2, p2, d2)
|
|
|
|
|
|
// require.Nil(err)
|
|
|
|
|
|
|
|
|
|
|
|
// // let's try to validate and make sure it only works when everything is proper
|
|
|
|
|
|
// keys := [][]byte{i1.PubKey, i2.PubKey}
|
|
|
|
|
|
// data := [][]byte{d1, d2}
|
|
|
|
|
|
// sigs := [][]byte{s11, s12, s21, s22}
|
|
|
|
|
|
|
|
|
|
|
|
// // loop over keys and data
|
|
|
|
|
|
// for k := 0; k < 2; k++ {
|
|
|
|
|
|
// for d := 0; d < 2; d++ {
|
|
|
|
|
|
// // make sure only the proper sig works
|
|
|
|
|
|
// good := 2*k + d
|
|
|
|
|
|
// for s := 0; s < 4; s++ {
|
|
|
|
|
|
// err = cstore.Verify(data[d], sigs[s], keys[k])
|
|
|
|
|
|
// if s == good {
|
|
|
|
|
|
// assert.Nil(err, "%+v", err)
|
|
|
|
|
|
// } else {
|
|
|
|
|
|
// assert.NotNil(err)
|
|
|
|
|
|
// }
|
|
|
|
|
|
// }
|
|
|
|
|
|
// }
|
|
|
|
|
|
// }
|
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
n1, n2 := "some dude", "a dudette" |
|
|
|
|
|
p1, p2 := "1234", "foobar" |
|
|
|
|
|
|
|
|
|
|
|
// create two users and get their info
|
|
|
|
|
|
i1, _, err := cstore.Create(n1, p1, algo) |
|
|
|
|
|
require.Nil(err) |
|
|
|
|
|
|
|
|
|
|
|
i2, _, err := cstore.Create(n2, p2, algo) |
|
|
|
|
|
require.Nil(err) |
|
|
|
|
|
|
|
|
|
|
|
// let's try to sign some messages
|
|
|
|
|
|
d1 := []byte("my first message") |
|
|
|
|
|
d2 := []byte("some other important info!") |
|
|
|
|
|
|
|
|
|
|
|
// try signing both data with both keys...
|
|
|
|
|
|
s11 := keys.NewMockSignable(d1) |
|
|
|
|
|
err = cstore.Sign(n1, p1, s11) |
|
|
|
|
|
require.Nil(err) |
|
|
|
|
|
s12 := keys.NewMockSignable(d2) |
|
|
|
|
|
err = cstore.Sign(n1, p1, s12) |
|
|
|
|
|
require.Nil(err) |
|
|
|
|
|
s21 := keys.NewMockSignable(d1) |
|
|
|
|
|
err = cstore.Sign(n2, p2, s21) |
|
|
|
|
|
require.Nil(err) |
|
|
|
|
|
s22 := keys.NewMockSignable(d2) |
|
|
|
|
|
err = cstore.Sign(n2, p2, s22) |
|
|
|
|
|
require.Nil(err) |
|
|
|
|
|
|
|
|
|
|
|
// let's try to validate and make sure it only works when everything is proper
|
|
|
|
|
|
cases := []struct { |
|
|
|
|
|
key crypto.PubKey |
|
|
|
|
|
data []byte |
|
|
|
|
|
sig crypto.Signature |
|
|
|
|
|
valid bool |
|
|
|
|
|
}{ |
|
|
|
|
|
// proper matches
|
|
|
|
|
|
{i1.PubKey, d1, s11.Signature, true}, |
|
|
|
|
|
// change data, pubkey, or signature leads to fail
|
|
|
|
|
|
{i1.PubKey, d2, s11.Signature, false}, |
|
|
|
|
|
{i2.PubKey, d1, s11.Signature, false}, |
|
|
|
|
|
{i1.PubKey, d1, s21.Signature, false}, |
|
|
|
|
|
// make sure other successes
|
|
|
|
|
|
{i1.PubKey, d2, s12.Signature, true}, |
|
|
|
|
|
{i2.PubKey, d1, s21.Signature, true}, |
|
|
|
|
|
{i2.PubKey, d2, s22.Signature, true}, |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
for i, tc := range cases { |
|
|
|
|
|
valid := tc.key.VerifyBytes(tc.data, tc.sig) |
|
|
|
|
|
assert.Equal(tc.valid, valid, "%d", i) |
|
|
|
|
|
} |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
func assertPassword(assert *assert.Assertions, cstore cryptostore.Manager, name, pass, badpass string) { |
|
|
func assertPassword(assert *assert.Assertions, cstore cryptostore.Manager, name, pass, badpass string) { |
|
|
err := cstore.Update(name, badpass, pass) |
|
|
err := cstore.Update(name, badpass, pass) |
|
|