-
Notifications
You must be signed in to change notification settings - Fork 2
/
crypto_test.go
85 lines (78 loc) · 2.18 KB
/
crypto_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package seof
import (
"github.com/kuking/seof/crypto"
"testing"
)
func TestSealOpen(t *testing.T) {
f := File{}
h := givenValidHeader()
_ = f.initialiseCiphers(password, &h)
plainText := "This is a secret"
cipherText, nonce := f.seal([]byte(plainText), 1234)
recoveredText, err := f.unseal(cipherText, 1234, nonce)
if err != nil {
t.Fatal(err)
}
if string(recoveredText) != plainText {
t.Fatal("recovered plaintext not equal")
}
}
func TestSealOpen_InvalidBlockNo(t *testing.T) {
f := File{}
h := givenValidHeader()
_ = f.initialiseCiphers(password, &h)
plainText := "This is a secret"
cipherText, nonce := f.seal([]byte(plainText), 1234)
_, err := f.unseal(cipherText, 5432, nonce)
if err == nil {
t.Fatal(err)
}
}
func TestSealOpen_Sizes(t *testing.T) {
f := File{}
h := givenValidHeader()
_ = f.initialiseCiphers(password, &h)
plainText := "This is a secret"
cipherText, nonce := f.seal([]byte(plainText), 1234)
if len(nonce) != 36 || len(nonce) != nonceSize {
t.Fatal("nonce has to be 12*3 bytes")
}
if float32(len(plainText))*1.5 > float32(len(cipherText)) {
t.Fatal("cipherText seems too short")
}
}
// of course we don't intend to test the crypto primitives here, we want to assert without any doubt we did not "f.up"
// the integration with the crypto primitives, now or in the future.
func TestSealOpen_AnyByteChangeShouldFail(t *testing.T) {
f := File{}
h := givenValidHeader()
_ = f.initialiseCiphers(password, &h)
plainText := "This is a secret"
cipherText, nonce := f.seal([]byte(plainText), 1234)
// cipher-text
for i := 0; i < len(cipherText); i++ {
orig := cipherText[i]
cipherText[i] = crypto.RandBytes(1)[0]
if cipherText[i] == orig {
cipherText[i]++
}
_, err := f.unseal(cipherText, 1234, nonce)
if err == nil {
t.Fatal("this should have failed after changing one byte in the cipherText")
}
cipherText[i] = orig
}
// nonce
for i := 0; i < len(nonce); i++ {
orig := nonce[i]
nonce[i] = orig ^ crypto.RandBytes(1)[0]
if nonce[i] == orig {
nonce[i]++
}
_, err := f.unseal(cipherText, 1234, nonce)
if err == nil {
t.Fatal("this should have failed after changing one byte in the cipherText")
}
nonce[i] = orig
}
}