package encryption import ( "fmt" "testing" "github.com/stretchr/testify/require" "github.com/status-im/status-go/eth-node/crypto" "github.com/status-im/status-go/eth-node/crypto/ecies" ) const ( alicePrivateKey = "00000000000000000000000000000000" aliceEphemeralKey = "11111111111111111111111111111111" bobPrivateKey = "22222222222222222222222222222222" bobSignedPreKey = "33333333333333333333333333333333" ) var sharedKey = []byte{0xa4, 0xe9, 0x23, 0xd0, 0xaf, 0x8f, 0xe7, 0x8a, 0x5, 0x63, 0x63, 0xbe, 0x20, 0xe7, 0x1c, 0xa, 0x58, 0xe5, 0x69, 0xea, 0x8f, 0xc1, 0xf7, 0x92, 0x89, 0xec, 0xa1, 0xd, 0x9f, 0x68, 0x13, 0x3a} func bobBundle() (*Bundle, error) { privateKey, err := crypto.ToECDSA([]byte(bobPrivateKey)) if err != nil { return nil, err } signedPreKey, err := crypto.ToECDSA([]byte(bobSignedPreKey)) if err != nil { return nil, err } compressedPreKey := crypto.CompressPubkey(&signedPreKey.PublicKey) signature, err := crypto.Sign(crypto.Keccak256(compressedPreKey), privateKey) if err != nil { return nil, err } signedPreKeys := make(map[string]*SignedPreKey) signedPreKeys[bobInstallationID] = &SignedPreKey{SignedPreKey: compressedPreKey} bundle := Bundle{ Identity: crypto.CompressPubkey(&privateKey.PublicKey), SignedPreKeys: signedPreKeys, Signature: signature, } return &bundle, nil } func TestNewBundleContainer(t *testing.T) { privateKey, err := crypto.ToECDSA([]byte(alicePrivateKey)) require.NoError(t, err, "Private key should be generated without errors") bundleContainer, err := NewBundleContainer(privateKey, bobInstallationID) require.NoError(t, err, "Bundle container should be created successfully") err = SignBundle(privateKey, bundleContainer) require.NoError(t, err, "Bundle container should be signed successfully") require.NoError(t, err, "Bundle container should be created successfully") bundle := bundleContainer.Bundle require.NotNil(t, bundle, "Bundle should be generated without errors") signatureMaterial := append([]byte(bobInstallationID), bundle.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey()...) signatureMaterial = append(signatureMaterial, []byte("0")...) signatureMaterial = append(signatureMaterial, []byte(fmt.Sprint(bundle.GetTimestamp()))...) recoveredPublicKey, err := crypto.SigToPub( crypto.Keccak256(signatureMaterial), bundle.Signature, ) require.NoError(t, err, "Public key should be recovered from the bundle successfully") require.Equal( t, privateKey.PublicKey, *recoveredPublicKey, "The correct public key should be recovered", ) } func TestSignBundle(t *testing.T) { privateKey, err := crypto.ToECDSA([]byte(alicePrivateKey)) require.NoError(t, err, "Private key should be generated without errors") bundleContainer1, err := NewBundleContainer(privateKey, "1") require.NoError(t, err, "Bundle container should be created successfully") bundle1 := bundleContainer1.Bundle require.NotNil(t, bundle1, "Bundle should be generated without errors") // We add a signed pre key signedPreKeys := bundle1.GetSignedPreKeys() signedPreKeys["2"] = &SignedPreKey{SignedPreKey: []byte("key")} err = SignBundle(privateKey, bundleContainer1) require.NoError(t, err) signatureMaterial := append([]byte("1"), bundle1.GetSignedPreKeys()["1"].GetSignedPreKey()...) signatureMaterial = append(signatureMaterial, []byte("0")...) signatureMaterial = append(signatureMaterial, []byte("2")...) signatureMaterial = append(signatureMaterial, []byte("key")...) signatureMaterial = append(signatureMaterial, []byte("0")...) signatureMaterial = append(signatureMaterial, []byte(fmt.Sprint(bundle1.GetTimestamp()))...) recoveredPublicKey, err := crypto.SigToPub( crypto.Keccak256(signatureMaterial), bundleContainer1.GetBundle().Signature, ) require.NoError(t, err, "Public key should be recovered from the bundle successfully") require.Equal( t, privateKey.PublicKey, *recoveredPublicKey, "The correct public key should be recovered", ) } func TestExtractIdentity(t *testing.T) { privateKey, err := crypto.ToECDSA([]byte(alicePrivateKey)) require.NoError(t, err, "Private key should be generated without errors") bundleContainer, err := NewBundleContainer(privateKey, "1") require.NoError(t, err, "Bundle container should be created successfully") err = SignBundle(privateKey, bundleContainer) require.NoError(t, err, "Bundle container should be signed successfully") bundle := bundleContainer.Bundle require.NotNil(t, bundle, "Bundle should be generated without errors") recoveredPublicKey, err := ExtractIdentity(bundle) require.NoError(t, err, "Public key should be recovered from the bundle successfully") require.Equal( t, privateKey.PublicKey, *recoveredPublicKey, "The correct public key should be recovered", ) } // Alice wants to send a message to Bob func TestX3dhActive(t *testing.T) { bobIdentityKey, err := crypto.ToECDSA([]byte(bobPrivateKey)) require.NoError(t, err, "Bundle identity key should be generated without errors") bobSignedPreKey, err := crypto.ToECDSA([]byte(bobSignedPreKey)) require.NoError(t, err, "Bundle signed pre key should be generated without errors") aliceIdentityKey, err := crypto.ToECDSA([]byte(alicePrivateKey)) require.NoError(t, err, "Private key should be generated without errors") aliceEphemeralKey, err := crypto.ToECDSA([]byte(aliceEphemeralKey)) require.NoError(t, err, "Ephemeral key should be generated without errors") x3dh, err := x3dhActive( ecies.ImportECDSA(aliceIdentityKey), ecies.ImportECDSAPublic(&bobSignedPreKey.PublicKey), ecies.ImportECDSA(aliceEphemeralKey), ecies.ImportECDSAPublic(&bobIdentityKey.PublicKey), ) require.NoError(t, err, "Shared key should be generated without errors") require.Equal(t, sharedKey, x3dh, "Should generate the correct key") } // Bob receives a message from Alice func TestPerformPassiveX3DH(t *testing.T) { alicePrivateKey, err := crypto.ToECDSA([]byte(alicePrivateKey)) require.NoError(t, err, "Private key should be generated without errors") bobSignedPreKey, err := crypto.ToECDSA([]byte(bobSignedPreKey)) require.NoError(t, err, "Private key should be generated without errors") aliceEphemeralKey, err := crypto.ToECDSA([]byte(aliceEphemeralKey)) require.NoError(t, err, "Ephemeral key should be generated without errors") bobPrivateKey, err := crypto.ToECDSA([]byte(bobPrivateKey)) require.NoError(t, err, "Private key should be generated without errors") x3dh, err := PerformPassiveX3DH( &alicePrivateKey.PublicKey, bobSignedPreKey, &aliceEphemeralKey.PublicKey, bobPrivateKey, ) require.NoError(t, err, "Shared key should be generated without errors") require.Equal(t, sharedKey, x3dh, "Should generate the correct key") } func TestPerformActiveX3DH(t *testing.T) { bundle, err := bobBundle() require.NoError(t, err, "Test bundle should be generated without errors") privateKey, err := crypto.ToECDSA([]byte(bobPrivateKey)) require.NoError(t, err, "Private key should be imported without errors") signedPreKey := bundle.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey() actualSharedSecret, actualEphemeralKey, err := PerformActiveX3DH(bundle.GetIdentity(), signedPreKey, privateKey) require.NoError(t, err, "No error should be reported") require.NotNil(t, actualEphemeralKey, "An ephemeral key-pair should be generated") require.NotNil(t, actualSharedSecret, "A shared key should be generated") }