forked from hashicorp/memberlist
-
Notifications
You must be signed in to change notification settings - Fork 0
/
keyring_test.go
157 lines (128 loc) · 3.69 KB
/
keyring_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package memberlist
import (
"bytes"
"testing"
)
var TestKeys [][]byte = [][]byte{
[]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
[]byte{15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0},
[]byte{8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7},
}
func TestKeyring_EmptyRing(t *testing.T) {
// Keyrings can be created with no encryption keys (disabled encryption)
keyring, err := NewKeyring(nil, nil)
if err != nil {
t.Fatalf("err: %s", err)
}
keys := keyring.GetKeys()
if len(keys) != 0 {
t.Fatalf("Expected 0 keys but have %d", len(keys))
}
}
func TestKeyring_PrimaryOnly(t *testing.T) {
// Keyrings can be created using only a primary key
keyring, err := NewKeyring(nil, TestKeys[0])
if err != nil {
t.Fatalf("err: %s", err)
}
keys := keyring.GetKeys()
if len(keys) != 1 {
t.Fatalf("Expected 1 key but have %d", len(keys))
}
}
func TestKeyring_GetPrimaryKey(t *testing.T) {
keyring, err := NewKeyring(TestKeys, TestKeys[1])
if err != nil {
t.Fatalf("err: %s", err)
}
// GetPrimaryKey returns correct key
primaryKey := keyring.GetPrimaryKey()
if !bytes.Equal(primaryKey, TestKeys[1]) {
t.Fatalf("Unexpected primary key: %v", primaryKey)
}
}
func TestKeyring_AddRemoveUse(t *testing.T) {
keyring, err := NewKeyring(nil, TestKeys[1])
if err != nil {
t.Fatalf("err :%s", err)
}
// Use non-existent key throws error
if err := keyring.UseKey(TestKeys[2]); err == nil {
t.Fatalf("Expected key not installed error")
}
// Add key to ring
if err := keyring.AddKey(TestKeys[2]); err != nil {
t.Fatalf("err: %s", err)
}
keys := keyring.GetKeys()
if !bytes.Equal(keys[0], TestKeys[1]) {
t.Fatalf("Unexpected primary key change")
}
if len(keys) != 2 {
t.Fatalf("Expected 2 keys but have %d", len(keys))
}
// Use key that exists should succeed
if err := keyring.UseKey(TestKeys[2]); err != nil {
t.Fatalf("err: %s", err)
}
primaryKey := keyring.GetPrimaryKey()
if !bytes.Equal(primaryKey, TestKeys[2]) {
t.Fatalf("Unexpected primary key: %v", primaryKey)
}
// Removing primary key should fail
if err := keyring.RemoveKey(TestKeys[2]); err == nil {
t.Fatalf("Expected primary key removal error")
}
// Removing non-primary key should succeed
if err := keyring.RemoveKey(TestKeys[1]); err != nil {
t.Fatalf("err: %s", err)
}
keys = keyring.GetKeys()
if len(keys) != 1 {
t.Fatalf("Expected 1 key but have %d", len(keys))
}
}
func TestKeyRing_MultiKeyEncryptDecrypt(t *testing.T) {
plaintext := []byte("this is a plain text message")
extra := []byte("random data")
keyring, err := NewKeyring(TestKeys, TestKeys[0])
if err != nil {
t.Fatalf("err: %s", err)
}
// First encrypt using the primary key and make sure we can decrypt
var buf bytes.Buffer
err = encryptPayload(1, TestKeys[0], plaintext, extra, &buf)
if err != nil {
t.Fatalf("err: %v", err)
}
msg, err := decryptPayload(keyring.GetKeys(), buf.Bytes(), extra)
if err != nil {
t.Fatalf("err: %v", err)
}
if !bytes.Equal(msg, plaintext) {
t.Fatalf("bad: %v", msg)
}
// Now encrypt with a secondary key and try decrypting again.
buf.Reset()
err = encryptPayload(1, TestKeys[2], plaintext, extra, &buf)
if err != nil {
t.Fatalf("err: %v", err)
}
msg, err = decryptPayload(keyring.GetKeys(), buf.Bytes(), extra)
if err != nil {
t.Fatalf("err: %v", err)
}
if !bytes.Equal(msg, plaintext) {
t.Fatalf("bad: %v", msg)
}
// Remove a key from the ring, and then try decrypting again
if err := keyring.RemoveKey(TestKeys[2]); err != nil {
t.Fatalf("err: %s", err)
}
msg, err = decryptPayload(keyring.GetKeys(), buf.Bytes(), extra)
if err == nil {
t.Fatalf("Expected no keys to decrypt message")
}
}