-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathcryptohelper_test.go
99 lines (74 loc) · 2.48 KB
/
cryptohelper_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package cryptohelper
import (
"encoding/base64"
"testing"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
var _ = Describe("Cryptohelper", func() {
Describe("Generating random keys", func() {
It("Doesn't generate the same key twice", func() {
key1, err := RandomKey()
Expect(err).To(BeNil())
key2, err := RandomKey()
Expect(err).To(BeNil())
decode1, err := base64.StdEncoding.DecodeString(key1)
Expect(err).To(BeNil())
decode2, err := base64.StdEncoding.DecodeString(key2)
Expect(err).To(BeNil())
Expect(len([]byte(decode1))).To(Equal(32))
Expect(len([]byte(decode2))).To(Equal(32))
Expect(decode1).ToNot(Equal(decode2))
})
})
Describe("Encrypting/decrypting text", func() {
It("Returns an error if Encrypt is given an invalid key", func() {
_, err := SecretboxEncrypt("", "")
Expect(err).To(MatchError("invalid key: must be 32 bytes " +
"b64-encoded"))
})
It("Returns an error if Decrypt is given an invalid key", func() {
_, err := SecretboxDecrypt("", "")
Expect(err).To(MatchError("invalid key: must be 32 bytes " +
"b64-encoded"))
})
It("Encrypts a message and decrypts it back", func() {
message := "hello"
key, err := RandomKey()
Expect(err).To(BeNil())
ciphertext, err := SecretboxEncrypt(message, key)
Expect(err).To(BeNil())
plaintext, err := SecretboxDecrypt(ciphertext, key)
Expect(err).To(BeNil())
Expect(plaintext).To(Equal(message))
})
It("Fails HMAC when the ciphertext is tampered with", func() {
message := "hello"
key, err := RandomKey()
Expect(err).To(BeNil())
ciphertext, err := SecretboxEncrypt(message, key)
Expect(err).To(BeNil())
// remove the last byte from the cipher text
cipherBytes, err := base64.StdEncoding.DecodeString(ciphertext)
Expect(err).To(BeNil())
cipherBytes = cipherBytes[:len(cipherBytes)-1]
tampered := base64.StdEncoding.EncodeToString(cipherBytes)
_, err = SecretboxDecrypt(tampered, key)
Expect(err).To(MatchError("ciphertext failed to authenticate HMAC"))
})
It("Ensures that the ciphertext contains a randomized nonce", func() {
message := "hello"
key, err := RandomKey()
Expect(err).To(BeNil())
cipher1, err := SecretboxEncrypt(message, key)
Expect(err).To(BeNil())
cipher2, err := SecretboxEncrypt(message, key)
Expect(err).To(BeNil())
Expect(cipher1).ToNot(Equal(cipher2))
})
})
})
func TestCryptohelper(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "Cryptohelper Suite")
}