mirrors/redoctober
1
0
Fork 0
mirror of https://github.com/cloudflare/redoctober.git synced 2026-01-07 05:56:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
7a806308d37cecff6ca692b9316dae2198bc2cac
redoctober/cryptor/cryptor_test.go
e 95940ed3fa Add hipchat and ordering support to redoctober. Also fix XSS in RO 
Supports MSP and requires several arguments to add hipchat integration to
red october. RedOctober will then alert on creation of an order, any new
delegation, or several other states.
2016-01-12 11:21:47 -08:00

123 lines
4.9 KiB
Go
Raw Blame History

// cryptor_test.go: tests for core.go
//
// Copyright (c) 2013 CloudFlare, Inc.
package cryptor
import (
"bytes"
"encoding/base64"
"encoding/json"
"testing"
"github.com/cloudflare/redoctober/keycache"
"github.com/cloudflare/redoctober/passvault"
)
func TestHash(t *testing.T) {
decryptJson := []byte("{\"Version\":1,\"VaultId\":529853895,\"KeySet\":[{\"Name\":[\"Bob\",\"Alice\"],\"Key\":\"2j3tI2PBFBbwFX0BlQdUuA==\"},{\"Name\":[\"Bob\",\"Carol\"],\"Key\":\"yLSSB/U6+5rc1E+gjGXT4w==\"},{\"Name\":[\"Alice\",\"Bob\"],\"Key\":\"DDlWHF7szzISuXWaEz8llQ==\"},{\"Name\":[\"Alice\",\"Carol\"],\"Key\":\"TkA13aPrYFNbveIbl0qdww==\"},{\"Name\":[\"Carol\",\"Bob\"],\"Key\":\"KXm0uObmRJ2ZvSYEWPwk2A==\"},{\"Name\":[\"Carol\",\"Alice\"],\"Key\":\"L9c+PqtxPh9y6apRvtbCQw==\"}],\"KeySetRSA\":{\"Alice\":{\"Key\":\"fj5mqnq7y5KCafCGT1I51xI5JsX746+9TTSsp/8ybf3iZjhFzSlwP3aNmsOx3SUKTmZlfs+b+MeD4eKJ2uKBFzQHAIPO0fwoiCDKHhKH6KsolNq4+jgpkLAMOLsQGs8g6BhJy6bCFRjZVc3IdlQABPM6PkTbuSvKhn9atDFwZQD5TJBISi7d2hw4LradtLITbNqwiFMTQQ9+psXzyavY8H3LNHKGgf5Od7IpthEQPCHi4nw7X/YVRTEMfoIVcMcKOwYjlC45/VJEHK9Zy3DSiLBzjmr57YNIVjw8YZY5DGBWqbgu51RUbIcrqyLphBhXoBRu4R+yrhygBNWbvkkifA==\"},\"Bob\":{\"Key\":\"HTYiZ18sf721cAN1LRNkJ/+L4AKWilMrkMyNiBjWcl9HRTVPNXITqQBXd0fBggGNPiZr6VQTySK4ZFvJKGDGiz17Te/ToDn8Yk/B9cqMsN5fHoQtXvl8IZo2wioA67ccAJ1gHMMNpPyLdF43SQqgI+XaQ2lMSYLMfxxDmBBOQ1SWAto0BDRdnsqpwUwIPKQ9Y3/1osmrjLmJoAC3MPplexYWhexNwJtSd+mFdVZ3Qe4x9RsRHcN/myihOt/67V60qzs13F0RZkMSDzj5Ddg+1KVNJZY9dmolPNkAZj8z20L9uzpatrTYTR6A8q/sRn+inO7ZQVQ00XO6q6lYYQzxnw==\"},\"Carol\":{\"Key\":\"ItrvS02nSfbcA2fl1L1i61xqPEDKRdsrYe3+UCbkT+ipheiQRPSuikbzeV2kshn4yJDeku5bmTNqW8HSGtU7GTgCoIWV8WmEf4w6ovzShPbu+VrIZvRz3wjh2oYHT/gtPVAQnBa/71FeoBNxy5l/hBcUmBky43j83Mlt2+8QZx6PEUDmpaPQemVh99+C20nQtkAUFeMc2Ge4y7RlHSxtfABvwlXx1NzCD40nyJfF1SjV/fZh/E2Al4Tavx6DOJkYGoJ2mp7XBvX0IF2tp8T3U5VpnTek/WuNrLL9z7/jqzWh87lZ5KheWXhGkU1BNH4lfIj43pDkSy50aDvS0zYfHQ==\"}},\"IV\":\"58r9Mz8e06mItBG9nSV/0Q==\",\"Data\":\"QE9ZhcGXNXauUdMk04biUGy1SoP5H2nF/j2JjiiVFKPdIdRp/Gc+AZvUI9n22ZM4q+zDiJz7qvK4bKaPpXhTmGP0XheaFUukeVNS9STMoTbNcY/ZtVOz6hizUPF7gSq388QPUsT+Axml3rEUTWOhnw==\",\"Signature\":\"ItiAS26GFlbM5szJr5HXVB9BR+s=\"}")
var encrypted EncryptedData
if err := json.Unmarshal(decryptJson, &encrypted); err != nil {
t.Fatalf("Error unmarshalling json, %v", err)
}
var hmacKey, _ = base64.StdEncoding.DecodeString("Qugc5ZQ0vC7KQSgmDHTVgQ==")
var signature = append([]byte{}, encrypted.Signature...)
expectedSig := encrypted.computeHmac(hmacKey)
if diff := bytes.Compare(signature, expectedSig); diff != 0 {
t.Fatalf("Error comparing signature %v", base64.StdEncoding.EncodeToString(expectedSig))
}
// change version and check hmac
encrypted.Version = 2
unexpectedSig := encrypted.computeHmac(hmacKey)
if diff := bytes.Compare(signature, unexpectedSig); diff == 0 {
t.Fatalf("Error comparing signature")
}
encrypted.Version = 1
// change vaultid and check hmac
encrypted.VaultId = 529853896
unexpectedSig = encrypted.computeHmac(hmacKey)
if diff := bytes.Compare(signature, unexpectedSig); diff == 0 {
t.Fatalf("Error comparing signature")
}
encrypted.VaultId = 529853895
// swap two records and check hmac
encrypted.KeySet[0], encrypted.KeySet[1] = encrypted.KeySet[1], encrypted.KeySet[0]
unexpectedSig = encrypted.computeHmac(hmacKey)
if diff := bytes.Compare(signature, unexpectedSig); diff != 0 {
t.Fatalf("Error comparing signature %v, %v",
base64.StdEncoding.EncodeToString(unexpectedSig),
base64.StdEncoding.EncodeToString(signature))
}
// delete RSA key and check hmac
encrypted.Version = 1
delete(encrypted.KeySetRSA, "Carol")
unexpectedSig = encrypted.computeHmac(hmacKey)
if diff := bytes.Compare(signature, unexpectedSig); diff == 0 {
t.Fatalf("Error comparing signature")
}
}
func TestDuplicates(t *testing.T) {
// Setup total names and partitions.
names := []string{"Alice", "Bob", "Carl"}
recs := make(map[string]passvault.PasswordRecord, 0)
left := []string{"Alice", "Bob"}
right := []string{"Bob", "Carl"}
// Add each user to the keycache.
cache := keycache.NewCache()
records, err := passvault.InitFrom("memory")
if err != nil {
t.Fatalf("%v", err)
}
c := Cryptor{&records, &cache}
for _, name := range names {
pr, err := records.AddNewRecord(name, "weakpassword", true, passvault.DefaultRecordType)
if err != nil {
t.Fatalf("%v", err)
}
recs[name] = pr
}
// Create candidate encryption of message.
ac := AccessStructure{
LeftNames: left,
RightNames: right,
}
resp, err := c.Encrypt([]byte("Hello World!"), []string{}, ac)
if err != nil {
t.Fatalf("Error: %s", err)
}
// Delegate one key at a time and check that decryption fails.
for name, pr := range recs {
err = cache.AddKeyFromRecord(pr, name, "weakpassword", nil, nil, 2, "", "1h")
if err != nil {
t.Fatalf("%v", err)
}
_, _, _, _, err := c.Decrypt(resp, name)
if err == nil {
t.Fatalf("That shouldn't have worked!")
}
cache.FlushCache()
}
}
Reference in New Issue View Git Blame Copy Permalink