2022-06-15 16:36:17 +01:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"crypto/elliptic"
|
2022-06-10 16:32:15 +01:00
|
|
|
"crypto/rand"
|
|
|
|
"crypto/tls"
|
2022-06-15 16:36:17 +01:00
|
|
|
"encoding/asn1"
|
|
|
|
"math/big"
|
2022-06-10 16:32:15 +01:00
|
|
|
"net"
|
2022-06-15 16:36:17 +01:00
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/btcsuite/btcutil/base58"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
X = "7744735542292224619198421067303535767629647588258222392379329927711683109548"
|
|
|
|
Y = "6855516769916529066379811647277920115118980625614889267697023742462401590771"
|
|
|
|
D = "38564357061962143106230288374146033267100509055924181407058066820384455255240"
|
2022-08-07 23:14:33 +01:00
|
|
|
AES = "BbnZ7Gc66t54a9kEFCf7FW8SGQuYypwHVeNkRYeNoqV6"
|
2022-06-15 16:36:17 +01:00
|
|
|
DB58 = "6jpbvo2ucrtrnpXXF4DQYuysh697isH9ppd2aT8uSRDh"
|
|
|
|
SN = "91849736469742262272885892667727604096707836853856473239722372976236128900962"
|
|
|
|
CertTime = "eQUriVtGtkWhPJFeLZjF"
|
|
|
|
)
|
|
|
|
|
|
|
|
type TestKeyComponents struct {
|
|
|
|
X *big.Int
|
|
|
|
Y *big.Int
|
|
|
|
D *big.Int
|
2022-08-07 23:14:33 +01:00
|
|
|
AES []byte
|
2022-06-15 16:36:17 +01:00
|
|
|
DBytes []byte
|
|
|
|
PK *ecdsa.PrivateKey
|
|
|
|
}
|
|
|
|
|
|
|
|
func (tk *TestKeyComponents) SetupKeyComponents(t *testing.T) {
|
|
|
|
var ok bool
|
|
|
|
|
|
|
|
tk.X, ok = new(big.Int).SetString(X, 10)
|
|
|
|
require.True(t, ok)
|
|
|
|
|
|
|
|
tk.Y, ok = new(big.Int).SetString(Y, 10)
|
|
|
|
require.True(t, ok)
|
|
|
|
|
|
|
|
tk.D, ok = new(big.Int).SetString(D, 10)
|
|
|
|
require.True(t, ok)
|
|
|
|
|
2022-08-07 23:14:33 +01:00
|
|
|
tk.AES = base58.Decode(AES)
|
|
|
|
require.Len(t, tk.AES, 32)
|
|
|
|
|
2022-06-15 16:36:17 +01:00
|
|
|
tk.DBytes = base58.Decode(DB58)
|
|
|
|
require.Exactly(t, tk.D.Bytes(), tk.DBytes)
|
|
|
|
|
|
|
|
tk.PK = &ecdsa.PrivateKey{
|
|
|
|
PublicKey: ecdsa.PublicKey{
|
|
|
|
Curve: elliptic.P256(),
|
|
|
|
X: tk.X,
|
|
|
|
Y: tk.Y,
|
|
|
|
},
|
|
|
|
D: tk.D,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type TestCertComponents struct {
|
|
|
|
NotBefore, NotAfter time.Time
|
|
|
|
SN *big.Int
|
|
|
|
}
|
|
|
|
|
|
|
|
func (tcc *TestCertComponents) SetupCertComponents(t *testing.T) {
|
|
|
|
var ok bool
|
|
|
|
|
|
|
|
tcc.SN, ok = new(big.Int).SetString(SN, 10)
|
|
|
|
require.True(t, ok)
|
|
|
|
|
|
|
|
_, err := asn1.Unmarshal(base58.Decode(CertTime), &tcc.NotBefore)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
tcc.NotAfter = tcc.NotBefore.Add(time.Hour)
|
|
|
|
}
|
2022-06-10 16:32:15 +01:00
|
|
|
|
|
|
|
type TestPairingServerComponents struct {
|
2022-08-07 23:14:33 +01:00
|
|
|
EphemeralPK *ecdsa.PrivateKey
|
|
|
|
EphemeralAES []byte
|
|
|
|
OutboundIP net.IP
|
|
|
|
Cert tls.Certificate
|
|
|
|
PS *PairingServer
|
2022-06-10 16:32:15 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (tpsc *TestPairingServerComponents) SetupPairingServerComponents(t *testing.T) {
|
|
|
|
var err error
|
|
|
|
|
2022-08-07 23:14:33 +01:00
|
|
|
// Get 4 key components for tls.cert generation
|
2022-06-10 16:32:15 +01:00
|
|
|
// 1) Ephemeral private key
|
|
|
|
tpsc.EphemeralPK, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-08-07 23:14:33 +01:00
|
|
|
// 2) AES encryption key
|
|
|
|
tpsc.EphemeralAES, err = makeEncryptionKey(tpsc.EphemeralPK)
|
2022-06-10 16:32:15 +01:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2022-08-07 23:14:33 +01:00
|
|
|
// 3) Device outbound IP address
|
|
|
|
tpsc.OutboundIP, err = GetOutboundIP()
|
|
|
|
require.NoError(t, err)
|
2022-06-10 16:32:15 +01:00
|
|
|
|
|
|
|
// Generate tls.Certificate and Server
|
2022-08-07 23:14:33 +01:00
|
|
|
tpsc.Cert, _, err = GenerateCertFromKey(tpsc.EphemeralPK, time.Now(), tpsc.OutboundIP.String())
|
2022-06-10 16:32:15 +01:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
tpsc.PS, err = NewPairingServer(&Config{
|
2022-08-07 23:14:33 +01:00
|
|
|
PK: &tpsc.EphemeralPK.PublicKey,
|
|
|
|
EK: tpsc.EphemeralAES,
|
2022-06-10 16:32:15 +01:00
|
|
|
Cert: &tpsc.Cert,
|
2022-07-01 16:37:53 +01:00
|
|
|
Hostname: tpsc.OutboundIP.String()})
|
2022-06-10 16:32:15 +01:00
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
2022-07-01 16:37:53 +01:00
|
|
|
|
|
|
|
type MockEncryptOnlyPayloadManager struct {
|
2022-08-19 13:45:50 +01:00
|
|
|
*PayloadEncryptionManager
|
2022-07-01 16:37:53 +01:00
|
|
|
}
|
|
|
|
|
2022-08-07 23:14:33 +01:00
|
|
|
func NewMockEncryptOnlyPayloadManager(aesKey []byte) (*MockEncryptOnlyPayloadManager, error) {
|
|
|
|
pem, err := NewPayloadEncryptionManager(aesKey)
|
2022-07-01 16:37:53 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &MockEncryptOnlyPayloadManager{
|
2022-08-19 13:45:50 +01:00
|
|
|
pem,
|
2022-07-01 16:37:53 +01:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *MockEncryptOnlyPayloadManager) Mount() error {
|
|
|
|
// Make a random payload
|
|
|
|
data := make([]byte, 32)
|
|
|
|
_, err := rand.Read(data)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-08-19 13:45:50 +01:00
|
|
|
return m.Encrypt(data)
|
2022-07-01 16:37:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (m *MockEncryptOnlyPayloadManager) Receive(data []byte) error {
|
2022-08-19 13:45:50 +01:00
|
|
|
return m.Decrypt(data)
|
2022-07-05 06:40:43 +01:00
|
|
|
}
|