package cryptostore_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
cmn "github.com/tendermint/tmlibs/common"
|
|
|
|
"github.com/tendermint/go-crypto/keys/cryptostore"
|
|
)
|
|
|
|
func TestNoopEncoder(t *testing.T) {
|
|
assert, require := assert.New(t), require.New(t)
|
|
noop := cryptostore.Noop
|
|
|
|
key, err := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
|
|
require.NoError(err)
|
|
key2, err := cryptostore.GenSecp256k1.Generate(cmn.RandBytes(16))
|
|
require.NoError(err)
|
|
|
|
b, err := noop.Encrypt(key, "encode")
|
|
require.Nil(err)
|
|
assert.NotEmpty(b)
|
|
|
|
b2, err := noop.Encrypt(key2, "encode")
|
|
require.Nil(err)
|
|
assert.NotEmpty(b2)
|
|
assert.NotEqual(b, b2)
|
|
|
|
// note the decode with a different password works - not secure!
|
|
pk, err := noop.Decrypt(b, "decode")
|
|
require.Nil(err)
|
|
require.NotNil(pk)
|
|
assert.Equal(key, pk)
|
|
|
|
pk2, err := noop.Decrypt(b2, "kggugougp")
|
|
require.Nil(err)
|
|
require.NotNil(pk2)
|
|
assert.Equal(key2, pk2)
|
|
}
|
|
|
|
func TestSecretBox(t *testing.T) {
|
|
assert, require := assert.New(t), require.New(t)
|
|
enc := cryptostore.SecretBox
|
|
|
|
key, err := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
|
|
require.NoError(err)
|
|
pass := "some-special-secret"
|
|
|
|
b, err := enc.Encrypt(key, pass)
|
|
require.Nil(err)
|
|
assert.NotEmpty(b)
|
|
|
|
// decoding with a different pass is an error
|
|
pk, err := enc.Decrypt(b, "decode")
|
|
require.NotNil(err)
|
|
require.True(pk.Empty())
|
|
|
|
// but decoding with the same passphrase gets us our key
|
|
pk, err = enc.Decrypt(b, pass)
|
|
require.Nil(err)
|
|
assert.Equal(key, pk)
|
|
}
|
|
|
|
func TestSecretBoxNoPass(t *testing.T) {
|
|
assert, require := assert.New(t), require.New(t)
|
|
enc := cryptostore.SecretBox
|
|
|
|
key, rerr := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
|
|
require.NoError(rerr)
|
|
|
|
cases := []struct {
|
|
encode string
|
|
decode string
|
|
valid bool
|
|
}{
|
|
{"foo", "foo", true},
|
|
{"foo", "food", false},
|
|
{"", "", true},
|
|
{"", "a", false},
|
|
{"a", "", false},
|
|
}
|
|
|
|
for i, tc := range cases {
|
|
b, err := enc.Encrypt(key, tc.encode)
|
|
require.Nil(err, "%d: %+v", i, err)
|
|
assert.NotEmpty(b, "%d", i)
|
|
|
|
pk, err := enc.Decrypt(b, tc.decode)
|
|
if tc.valid {
|
|
require.Nil(err, "%d: %+v", i, err)
|
|
assert.Equal(key, pk, "%d", i)
|
|
} else {
|
|
require.NotNil(err, "%d", i)
|
|
}
|
|
}
|
|
|
|
// now let's make sure raw bytes also work...
|
|
b := key.Bytes()
|
|
pk, err := enc.Decrypt(b, "")
|
|
require.Nil(err, "%+v", err)
|
|
assert.Equal(key, pk)
|
|
}
|