age,cmd/age,cmd/age-keygen: add post-quantum hybrid keys

Filippo Valsorda
2025-11-17 12:32:50 +01:00
committed by Filippo Valsorda
parent 6ece9e45ee
commit c6fcb5300c
20 changed files with 720 additions and 91 deletions


@@ -7,6 +7,7 @@ package age_test
import (
"bytes"
"crypto/rand"
"io"
"testing"
"filippo.io/age"
@@ -49,6 +50,67 @@ func TestX25519RoundTrip(t *testing.T) {
}
}
func TestHybridRoundTrip(t *testing.T) {
i, err := age.GenerateHybridIdentity()
if err != nil {
t.Fatal(err)
}
r := i.Recipient()
if r1, err := age.ParseHybridRecipient(r.String()); err != nil {
t.Fatal(err)
} else if r1.String() != r.String() {
t.Errorf("recipient did not round-trip through parsing: got %q, want %q", r1, r)
}
if i1, err := age.ParseHybridIdentity(i.String()); err != nil {
t.Fatal(err)
} else if i1.String() != i.String() {
t.Errorf("identity did not round-trip through parsing: got %q, want %q", i1, i)
}
fileKey := make([]byte, 16)
if _, err := rand.Read(fileKey); err != nil {
t.Fatal(err)
}
stanzas, err := r.Wrap(fileKey)
if err != nil {
t.Fatal(err)
}
out, err := i.Unwrap(stanzas)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(fileKey, out) {
t.Errorf("invalid output: %x, expected %x", out, fileKey)
}
}
func TestHybridMixingRestrictions(t *testing.T) {
x25519, err := age.GenerateX25519Identity()
if err != nil {
t.Fatal(err)
}
hybrid, err := age.GenerateHybridIdentity()
if err != nil {
t.Fatal(err)
}
// Hybrid recipients can be used together.
if _, err := age.Encrypt(io.Discard, hybrid.Recipient(), hybrid.Recipient()); err != nil {
t.Errorf("expected two hybrid recipients to work, got %v", err)
}
// Hybrid and X25519 recipients cannot be mixed.
if _, err := age.Encrypt(io.Discard, hybrid.Recipient(), x25519.Recipient()); err == nil {
t.Error("expected hybrid mixed with X25519 to fail")
}
if _, err := age.Encrypt(io.Discard, x25519.Recipient(), hybrid.Recipient()); err == nil {
t.Error("expected X25519 mixed with hybrid to fail")
}
}
func TestScryptRoundTrip(t *testing.T) {
password := "twitch.tv/filosottile"
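Review bot: The two negative cases in TestHybridMixingRestrictions only check `err == nil`, so they pass on any error from `age.Encrypt`, including one unrelated to the mixing policy. That restriction is presumably what stops a hybrid-encrypted file key from also being wrapped to a classical-only recipient, so the test should pin the reason for the failure, for example `} else if !strings.Contains(err.Error(), "<expected mixing-error text>") { t.Errorf("unexpected error: %v", err) }` with the real message substituted and `strings` imported. The positive case passes `hybrid.Recipient()` twice, so it never exercises two distinct hybrid keys; generating a second identity with `age.GenerateHybridIdentity()` would cover that. TestHybridRoundTrip also has no negative path, and a check that a second hybrid identity's `Unwrap(stanzas)` returns an error would confirm that the stanza is bound to the recipient key.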