-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathidentity_crypto_test.go
More file actions
236 lines (198 loc) · 6 KB
/
Copy pathidentity_crypto_test.go
File metadata and controls
236 lines (198 loc) · 6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
package nara
import (
"encoding/json"
"io"
"os"
"testing"
"github.com/eljojo/nara/identity"
"github.com/sirupsen/logrus"
)
func TestHeyThereEvent_SignAndVerify(t *testing.T) {
t.Parallel()
// Suppress logrus output to prevent race conditions from warning logs
// This test intentionally triggers warnings (invalid signature verification)
logrus.SetOutput(io.Discard)
t.Cleanup(func() { logrus.SetOutput(os.Stderr) })
// Create a keypair from a test soul
soul := identity.NativeSoulCustom([]byte("test-hw-heythere-1"), "alice")
keypair := identity.DeriveKeypair(soul)
// Create and sign a hey_there event
event := &HeyThereEvent{
From: "alice",
PublicKey: identity.FormatPublicKey(keypair.PublicKey),
MeshIP: "100.64.0.1",
}
event.Sign(keypair)
if event.Signature == "" {
t.Error("Expected signature to be set after signing")
}
// Verify should succeed
if !event.Verify() {
t.Error("Expected signature to verify")
}
// Tamper with the event - should fail
tamperedEvent := *event
tamperedEvent.MeshIP = "100.64.0.2"
if tamperedEvent.Verify() {
t.Error("Expected tampered event to fail verification")
}
// Wrong signature - should fail
wrongEvent := &HeyThereEvent{
From: "alice",
PublicKey: identity.FormatPublicKey(keypair.PublicKey),
MeshIP: "100.64.0.1",
Signature: "invalid-signature",
}
if wrongEvent.Verify() {
t.Error("Expected invalid signature to fail verification")
}
}
func TestHeyThereEvent_VerifyUnsigned(t *testing.T) {
t.Parallel()
event := &HeyThereEvent{
From: "alice",
PublicKey: "",
MeshIP: "100.64.0.1",
}
// Should return false for unsigned event
if event.Verify() {
t.Error("Expected Verify to return false for unsigned event")
}
}
func TestNewspaperEvent_SignAndVerify(t *testing.T) {
t.Parallel()
// Create a keypair from a test soul
soul := identity.NativeSoulCustom([]byte("test-hw-newspaper-1"), "alice")
keypair := identity.DeriveKeypair(soul)
// Create a status
status := NaraStatus{
Flair: "test-flair",
Chattiness: 50,
PublicKey: identity.FormatPublicKey(keypair.PublicKey),
MeshIP: "100.64.0.1",
}
// Create and sign a newspaper event manually (simulating what SignNewspaper does)
event := NewspaperEvent{
From: "alice",
Status: status,
}
// Sign the JSON-serialized status
statusJSON, _ := json.Marshal(status)
event.Signature = keypair.SignBase64(statusJSON)
// Verify should succeed
if !event.Verify(keypair.PublicKey) {
t.Error("Expected signature to verify")
}
// Tamper with status - should fail
tamperedEvent := event
tamperedEvent.Status.Chattiness = 100
if tamperedEvent.Verify(keypair.PublicKey) {
t.Error("Expected tampered event to fail verification")
}
// Wrong public key - should fail
wrongSoul := identity.NativeSoulCustom([]byte("different-hw-newspaper"), "bob")
wrongKeypair := identity.DeriveKeypair(wrongSoul)
if event.Verify(wrongKeypair.PublicKey) {
t.Error("Expected wrong public key to fail verification")
}
}
func TestNewspaperEvent_VerifyUnsigned(t *testing.T) {
t.Parallel()
event := NewspaperEvent{
From: "alice",
Status: NaraStatus{Flair: "test"},
}
soul := identity.NativeSoulCustom([]byte("test-hw-newspaper-2"), "alice")
keypair := identity.DeriveKeypair(soul)
// Should return false for unsigned event
if event.Verify(keypair.PublicKey) {
t.Error("Expected Verify to return false for unsigned event")
}
}
func TestNewspaperEvent_VerifyWithRawStatusJSON(t *testing.T) {
t.Parallel()
soul := identity.NativeSoulCustom([]byte("test-hw-newspaper-raw"), "alice")
keypair := identity.DeriveKeypair(soul)
statusPayload := map[string]interface{}{
"Flair": "test-flair",
"Chattiness": 50,
"PublicKey": identity.FormatPublicKey(keypair.PublicKey),
"MeshIP": "100.64.0.1",
"extra_field": "old-client-drops-me",
}
rawStatus, err := json.Marshal(statusPayload)
if err != nil {
t.Fatalf("failed to marshal status payload: %v", err)
}
var status NaraStatus
if err := json.Unmarshal(rawStatus, &status); err != nil {
t.Fatalf("failed to unmarshal status payload: %v", err)
}
signature := keypair.SignBase64(rawStatus)
event := NewspaperEvent{
From: "alice",
Status: status,
Signature: signature,
StatusJSON: rawStatus,
}
if !event.Verify(keypair.PublicKey) {
t.Error("Expected signature to verify using raw status JSON")
}
eventNoRaw := NewspaperEvent{
From: "alice",
Status: status,
Signature: signature,
}
if eventNoRaw.Verify(keypair.PublicKey) {
t.Error("Expected signature to fail without raw status JSON")
}
}
func TestChauEvent_SignAndVerify(t *testing.T) {
t.Parallel()
// Suppress logrus output to prevent race conditions from warning logs
// This test intentionally triggers warnings (invalid signature verification)
logrus.SetOutput(io.Discard)
t.Cleanup(func() { logrus.SetOutput(os.Stderr) })
// Create a keypair from a test soul
soul := identity.NativeSoulCustom([]byte("test-hw-chau-1"), "alice")
keypair := identity.DeriveKeypair(soul)
// Create and sign a chau event
event := &ChauEvent{
From: "alice",
PublicKey: identity.FormatPublicKey(keypair.PublicKey),
}
event.Sign(keypair)
if event.Signature == "" {
t.Error("Expected signature to be set after signing")
}
// Verify should succeed
if !event.Verify() {
t.Error("Expected signature to verify")
}
// Tamper with the event - should fail
tamperedEvent := *event
tamperedEvent.From = "bob"
if tamperedEvent.Verify() {
t.Error("Expected tampered event to fail verification")
}
// Wrong signature - should fail
wrongEvent := &ChauEvent{
From: "alice",
PublicKey: identity.FormatPublicKey(keypair.PublicKey),
Signature: "invalid-signature",
}
if wrongEvent.Verify() {
t.Error("Expected invalid signature to fail verification")
}
}
func TestChauEvent_VerifyUnsigned(t *testing.T) {
t.Parallel()
event := &ChauEvent{
From: "alice",
PublicKey: "",
}
// Should return false for unsigned event
if event.Verify() {
t.Error("Expected Verify to return false for unsigned event")
}
}