diff options
Diffstat (limited to 'modules/keying/keying_test.go')
| -rw-r--r-- | modules/keying/keying_test.go | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/modules/keying/keying_test.go b/modules/keying/keying_test.go new file mode 100644 index 0000000..8a6e8d5 --- /dev/null +++ b/modules/keying/keying_test.go @@ -0,0 +1,111 @@ +// Copyright 2024 The Forgejo Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package keying_test + +import ( + "math" + "testing" + + "code.gitea.io/gitea/modules/keying" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "golang.org/x/crypto/chacha20poly1305" +) + +func TestKeying(t *testing.T) { + t.Run("Not initalized", func(t *testing.T) { + assert.Panics(t, func() { + keying.DeriveKey(keying.Context("TESTING")) + }) + }) + + t.Run("Initialization", func(t *testing.T) { + keying.Init([]byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}) + }) + + t.Run("Context seperation", func(t *testing.T) { + key1 := keying.DeriveKey(keying.Context("TESTING")) + key2 := keying.DeriveKey(keying.Context("TESTING2")) + + ciphertext := key1.Encrypt([]byte("This is for context TESTING"), nil) + + plaintext, err := key2.Decrypt(ciphertext, nil) + require.Error(t, err) + assert.Empty(t, plaintext) + + plaintext, err = key1.Decrypt(ciphertext, nil) + require.NoError(t, err) + assert.EqualValues(t, "This is for context TESTING", plaintext) + }) + + context := keying.Context("TESTING PURPOSES") + plainText := []byte("Forgejo is run by [Redacted]") + var cipherText []byte + t.Run("Encrypt", func(t *testing.T) { + key := keying.DeriveKey(context) + + cipherText = key.Encrypt(plainText, []byte{0x05, 0x06}) + cipherText2 := key.Encrypt(plainText, []byte{0x05, 0x06}) + + // Ensure ciphertexts don't have an determistic output. + assert.NotEqualValues(t, cipherText, cipherText2) + }) + + t.Run("Decrypt", func(t *testing.T) { + key := keying.DeriveKey(context) + + t.Run("Succesful", func(t *testing.T) { + convertedPlainText, err := key.Decrypt(cipherText, []byte{0x05, 0x06}) + require.NoError(t, err) + assert.EqualValues(t, plainText, convertedPlainText) + }) + + t.Run("Not enougn additional data", func(t *testing.T) { + plainText, err := key.Decrypt(cipherText, []byte{0x05}) + require.Error(t, err) + assert.Empty(t, plainText) + }) + + t.Run("Too much additional data", func(t *testing.T) { + plainText, err := key.Decrypt(cipherText, []byte{0x05, 0x06, 0x07}) + require.Error(t, err) + assert.Empty(t, plainText) + }) + + t.Run("Incorrect nonce", func(t *testing.T) { + // Flip the first byte of the nonce. + cipherText[0] = ^cipherText[0] + + plainText, err := key.Decrypt(cipherText, []byte{0x05, 0x06}) + require.Error(t, err) + assert.Empty(t, plainText) + }) + + t.Run("Incorrect ciphertext", func(t *testing.T) { + assert.Panics(t, func() { + key.Decrypt(nil, nil) + }) + + assert.Panics(t, func() { + cipherText := make([]byte, chacha20poly1305.NonceSizeX) + key.Decrypt(cipherText, nil) + }) + }) + }) +} + +func TestKeyingColumnAndID(t *testing.T) { + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x3a, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, keying.ColumnAndID("table", math.MinInt64)) + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x3a, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, keying.ColumnAndID("table", -1)) + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x3a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, keying.ColumnAndID("table", 0)) + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x3a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, keying.ColumnAndID("table", 1)) + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x3a, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, keying.ColumnAndID("table", math.MaxInt64)) + + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x32, 0x3a, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, keying.ColumnAndID("table2", math.MinInt64)) + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x32, 0x3a, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, keying.ColumnAndID("table2", -1)) + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x32, 0x3a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, keying.ColumnAndID("table2", 0)) + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x32, 0x3a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, keying.ColumnAndID("table2", 1)) + assert.EqualValues(t, []byte{0x74, 0x61, 0x62, 0x6c, 0x65, 0x32, 0x3a, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, keying.ColumnAndID("table2", math.MaxInt64)) +} |