123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362 |
- // Copyright 2011 The Go Authors. All rights reserved.
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
- package openpgp
- import (
- "bytes"
- "io"
- "io/ioutil"
- "testing"
- "time"
- "golang.org/x/crypto/openpgp/packet"
- )
- func TestSignDetached(t *testing.T) {
- kring, _ := ReadKeyRing(readerFromHex(testKeys1And2PrivateHex))
- out := bytes.NewBuffer(nil)
- message := bytes.NewBufferString(signedInput)
- err := DetachSign(out, kring[0], message, nil)
- if err != nil {
- t.Error(err)
- }
- testDetachedSignature(t, kring, out, signedInput, "check", testKey1KeyId)
- }
- func TestSignTextDetached(t *testing.T) {
- kring, _ := ReadKeyRing(readerFromHex(testKeys1And2PrivateHex))
- out := bytes.NewBuffer(nil)
- message := bytes.NewBufferString(signedInput)
- err := DetachSignText(out, kring[0], message, nil)
- if err != nil {
- t.Error(err)
- }
- testDetachedSignature(t, kring, out, signedInput, "check", testKey1KeyId)
- }
- func TestSignDetachedDSA(t *testing.T) {
- kring, _ := ReadKeyRing(readerFromHex(dsaTestKeyPrivateHex))
- out := bytes.NewBuffer(nil)
- message := bytes.NewBufferString(signedInput)
- err := DetachSign(out, kring[0], message, nil)
- if err != nil {
- t.Error(err)
- }
- testDetachedSignature(t, kring, out, signedInput, "check", testKey3KeyId)
- }
- func TestSignDetachedP256(t *testing.T) {
- kring, _ := ReadKeyRing(readerFromHex(p256TestKeyPrivateHex))
- kring[0].PrivateKey.Decrypt([]byte("passphrase"))
- out := bytes.NewBuffer(nil)
- message := bytes.NewBufferString(signedInput)
- err := DetachSign(out, kring[0], message, nil)
- if err != nil {
- t.Error(err)
- }
- testDetachedSignature(t, kring, out, signedInput, "check", testKeyP256KeyId)
- }
- func TestNewEntity(t *testing.T) {
- if testing.Short() {
- return
- }
- // Check bit-length with no config.
- e, err := NewEntity("Test User", "test", "test@example.com", nil)
- if err != nil {
- t.Errorf("failed to create entity: %s", err)
- return
- }
- bl, err := e.PrimaryKey.BitLength()
- if err != nil {
- t.Errorf("failed to find bit length: %s", err)
- }
- if int(bl) != defaultRSAKeyBits {
- t.Errorf("BitLength %v, expected %v", int(bl), defaultRSAKeyBits)
- }
- // Check bit-length with a config.
- cfg := &packet.Config{RSABits: 1024}
- e, err = NewEntity("Test User", "test", "test@example.com", cfg)
- if err != nil {
- t.Errorf("failed to create entity: %s", err)
- return
- }
- bl, err = e.PrimaryKey.BitLength()
- if err != nil {
- t.Errorf("failed to find bit length: %s", err)
- }
- if int(bl) != cfg.RSABits {
- t.Errorf("BitLength %v, expected %v", bl, cfg.RSABits)
- }
- w := bytes.NewBuffer(nil)
- if err := e.SerializePrivate(w, nil); err != nil {
- t.Errorf("failed to serialize entity: %s", err)
- return
- }
- serialized := w.Bytes()
- el, err := ReadKeyRing(w)
- if err != nil {
- t.Errorf("failed to reparse entity: %s", err)
- return
- }
- if len(el) != 1 {
- t.Errorf("wrong number of entities found, got %d, want 1", len(el))
- }
- w = bytes.NewBuffer(nil)
- if err := e.SerializePrivate(w, nil); err != nil {
- t.Errorf("failed to serialize entity second time: %s", err)
- return
- }
- if !bytes.Equal(w.Bytes(), serialized) {
- t.Errorf("results differed")
- }
- }
- func TestSymmetricEncryption(t *testing.T) {
- buf := new(bytes.Buffer)
- plaintext, err := SymmetricallyEncrypt(buf, []byte("testing"), nil, nil)
- if err != nil {
- t.Errorf("error writing headers: %s", err)
- return
- }
- message := []byte("hello world\n")
- _, err = plaintext.Write(message)
- if err != nil {
- t.Errorf("error writing to plaintext writer: %s", err)
- }
- err = plaintext.Close()
- if err != nil {
- t.Errorf("error closing plaintext writer: %s", err)
- }
- md, err := ReadMessage(buf, nil, func(keys []Key, symmetric bool) ([]byte, error) {
- return []byte("testing"), nil
- }, nil)
- if err != nil {
- t.Errorf("error rereading message: %s", err)
- }
- messageBuf := bytes.NewBuffer(nil)
- _, err = io.Copy(messageBuf, md.UnverifiedBody)
- if err != nil {
- t.Errorf("error rereading message: %s", err)
- }
- if !bytes.Equal(message, messageBuf.Bytes()) {
- t.Errorf("recovered message incorrect got '%s', want '%s'", messageBuf.Bytes(), message)
- }
- }
- var testEncryptionTests = []struct {
- keyRingHex string
- isSigned bool
- }{
- {
- testKeys1And2PrivateHex,
- false,
- },
- {
- testKeys1And2PrivateHex,
- true,
- },
- {
- dsaElGamalTestKeysHex,
- false,
- },
- {
- dsaElGamalTestKeysHex,
- true,
- },
- }
- func TestEncryption(t *testing.T) {
- for i, test := range testEncryptionTests {
- kring, _ := ReadKeyRing(readerFromHex(test.keyRingHex))
- passphrase := []byte("passphrase")
- for _, entity := range kring {
- if entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
- err := entity.PrivateKey.Decrypt(passphrase)
- if err != nil {
- t.Errorf("#%d: failed to decrypt key", i)
- }
- }
- for _, subkey := range entity.Subkeys {
- if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
- err := subkey.PrivateKey.Decrypt(passphrase)
- if err != nil {
- t.Errorf("#%d: failed to decrypt subkey", i)
- }
- }
- }
- }
- var signed *Entity
- if test.isSigned {
- signed = kring[0]
- }
- buf := new(bytes.Buffer)
- w, err := Encrypt(buf, kring[:1], signed, nil /* no hints */, nil)
- if err != nil {
- t.Errorf("#%d: error in Encrypt: %s", i, err)
- continue
- }
- const message = "testing"
- _, err = w.Write([]byte(message))
- if err != nil {
- t.Errorf("#%d: error writing plaintext: %s", i, err)
- continue
- }
- err = w.Close()
- if err != nil {
- t.Errorf("#%d: error closing WriteCloser: %s", i, err)
- continue
- }
- md, err := ReadMessage(buf, kring, nil /* no prompt */, nil)
- if err != nil {
- t.Errorf("#%d: error reading message: %s", i, err)
- continue
- }
- testTime, _ := time.Parse("2006-01-02", "2013-07-01")
- if test.isSigned {
- signKey, _ := kring[0].signingKey(testTime)
- expectedKeyId := signKey.PublicKey.KeyId
- if md.SignedByKeyId != expectedKeyId {
- t.Errorf("#%d: message signed by wrong key id, got: %v, want: %v", i, *md.SignedBy, expectedKeyId)
- }
- if md.SignedBy == nil {
- t.Errorf("#%d: failed to find the signing Entity", i)
- }
- }
- plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
- if err != nil {
- t.Errorf("#%d: error reading encrypted contents: %s", i, err)
- continue
- }
- encryptKey, _ := kring[0].encryptionKey(testTime)
- expectedKeyId := encryptKey.PublicKey.KeyId
- if len(md.EncryptedToKeyIds) != 1 || md.EncryptedToKeyIds[0] != expectedKeyId {
- t.Errorf("#%d: expected message to be encrypted to %v, but got %#v", i, expectedKeyId, md.EncryptedToKeyIds)
- }
- if string(plaintext) != message {
- t.Errorf("#%d: got: %s, want: %s", i, string(plaintext), message)
- }
- if test.isSigned {
- if md.SignatureError != nil {
- t.Errorf("#%d: signature error: %s", i, md.SignatureError)
- }
- if md.Signature == nil {
- t.Error("signature missing")
- }
- }
- }
- }
- var testSigningTests = []struct {
- keyRingHex string
- }{
- {
- testKeys1And2PrivateHex,
- },
- {
- dsaElGamalTestKeysHex,
- },
- }
- func TestSigning(t *testing.T) {
- for i, test := range testSigningTests {
- kring, _ := ReadKeyRing(readerFromHex(test.keyRingHex))
- passphrase := []byte("passphrase")
- for _, entity := range kring {
- if entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
- err := entity.PrivateKey.Decrypt(passphrase)
- if err != nil {
- t.Errorf("#%d: failed to decrypt key", i)
- }
- }
- for _, subkey := range entity.Subkeys {
- if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
- err := subkey.PrivateKey.Decrypt(passphrase)
- if err != nil {
- t.Errorf("#%d: failed to decrypt subkey", i)
- }
- }
- }
- }
- signed := kring[0]
- buf := new(bytes.Buffer)
- w, err := Sign(buf, signed, nil /* no hints */, nil)
- if err != nil {
- t.Errorf("#%d: error in Sign: %s", i, err)
- continue
- }
- const message = "testing"
- _, err = w.Write([]byte(message))
- if err != nil {
- t.Errorf("#%d: error writing plaintext: %s", i, err)
- continue
- }
- err = w.Close()
- if err != nil {
- t.Errorf("#%d: error closing WriteCloser: %s", i, err)
- continue
- }
- md, err := ReadMessage(buf, kring, nil /* no prompt */, nil)
- if err != nil {
- t.Errorf("#%d: error reading message: %s", i, err)
- continue
- }
- testTime, _ := time.Parse("2006-01-02", "2013-07-01")
- signKey, _ := kring[0].signingKey(testTime)
- expectedKeyId := signKey.PublicKey.KeyId
- if md.SignedByKeyId != expectedKeyId {
- t.Errorf("#%d: message signed by wrong key id, got: %v, want: %v", i, *md.SignedBy, expectedKeyId)
- }
- if md.SignedBy == nil {
- t.Errorf("#%d: failed to find the signing Entity", i)
- }
- plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
- if err != nil {
- t.Errorf("#%d: error reading contents: %v", i, err)
- continue
- }
- if string(plaintext) != message {
- t.Errorf("#%d: got: %q, want: %q", i, plaintext, message)
- }
- if md.SignatureError != nil {
- t.Errorf("#%d: signature error: %q", i, md.SignatureError)
- }
- if md.Signature == nil {
- t.Error("signature missing")
- }
- }
- }
|