211 lines
7.3 KiB
Go
211 lines
7.3 KiB
Go
package encryption
|
|
|
|
import (
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/status-im/status-go/eth-node/crypto"
|
|
"github.com/status-im/status-go/eth-node/crypto/ecies"
|
|
)
|
|
|
|
const (
|
|
alicePrivateKey = "00000000000000000000000000000000"
|
|
aliceEphemeralKey = "11111111111111111111111111111111"
|
|
bobPrivateKey = "22222222222222222222222222222222"
|
|
bobSignedPreKey = "33333333333333333333333333333333"
|
|
)
|
|
|
|
var sharedKey = []byte{0xa4, 0xe9, 0x23, 0xd0, 0xaf, 0x8f, 0xe7, 0x8a, 0x5, 0x63, 0x63, 0xbe, 0x20, 0xe7, 0x1c, 0xa, 0x58, 0xe5, 0x69, 0xea, 0x8f, 0xc1, 0xf7, 0x92, 0x89, 0xec, 0xa1, 0xd, 0x9f, 0x68, 0x13, 0x3a}
|
|
|
|
func bobBundle() (*Bundle, error) {
|
|
privateKey, err := crypto.ToECDSA([]byte(bobPrivateKey))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
signedPreKey, err := crypto.ToECDSA([]byte(bobSignedPreKey))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
compressedPreKey := crypto.CompressPubkey(&signedPreKey.PublicKey)
|
|
|
|
signature, err := crypto.Sign(crypto.Keccak256(compressedPreKey), privateKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
signedPreKeys := make(map[string]*SignedPreKey)
|
|
signedPreKeys[bobInstallationID] = &SignedPreKey{SignedPreKey: compressedPreKey}
|
|
|
|
bundle := Bundle{
|
|
Identity: crypto.CompressPubkey(&privateKey.PublicKey),
|
|
SignedPreKeys: signedPreKeys,
|
|
Signature: signature,
|
|
}
|
|
|
|
return &bundle, nil
|
|
}
|
|
|
|
func TestNewBundleContainer(t *testing.T) {
|
|
privateKey, err := crypto.ToECDSA([]byte(alicePrivateKey))
|
|
require.NoError(t, err, "Private key should be generated without errors")
|
|
|
|
bundleContainer, err := NewBundleContainer(privateKey, bobInstallationID)
|
|
require.NoError(t, err, "Bundle container should be created successfully")
|
|
|
|
err = SignBundle(privateKey, bundleContainer)
|
|
require.NoError(t, err, "Bundle container should be signed successfully")
|
|
|
|
require.NoError(t, err, "Bundle container should be created successfully")
|
|
|
|
bundle := bundleContainer.Bundle
|
|
require.NotNil(t, bundle, "Bundle should be generated without errors")
|
|
|
|
signatureMaterial := append([]byte(bobInstallationID), bundle.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey()...)
|
|
signatureMaterial = append(signatureMaterial, []byte("0")...)
|
|
signatureMaterial = append(signatureMaterial, []byte(fmt.Sprint(bundle.GetTimestamp()))...)
|
|
recoveredPublicKey, err := crypto.SigToPub(
|
|
crypto.Keccak256(signatureMaterial),
|
|
bundle.Signature,
|
|
)
|
|
|
|
require.NoError(t, err, "Public key should be recovered from the bundle successfully")
|
|
|
|
require.Equal(
|
|
t,
|
|
privateKey.PublicKey,
|
|
*recoveredPublicKey,
|
|
"The correct public key should be recovered",
|
|
)
|
|
}
|
|
|
|
func TestSignBundle(t *testing.T) {
|
|
privateKey, err := crypto.ToECDSA([]byte(alicePrivateKey))
|
|
require.NoError(t, err, "Private key should be generated without errors")
|
|
|
|
bundleContainer1, err := NewBundleContainer(privateKey, "1")
|
|
require.NoError(t, err, "Bundle container should be created successfully")
|
|
|
|
bundle1 := bundleContainer1.Bundle
|
|
require.NotNil(t, bundle1, "Bundle should be generated without errors")
|
|
|
|
// We add a signed pre key
|
|
signedPreKeys := bundle1.GetSignedPreKeys()
|
|
signedPreKeys["2"] = &SignedPreKey{SignedPreKey: []byte("key")}
|
|
|
|
err = SignBundle(privateKey, bundleContainer1)
|
|
require.NoError(t, err)
|
|
|
|
signatureMaterial := append([]byte("1"), bundle1.GetSignedPreKeys()["1"].GetSignedPreKey()...)
|
|
signatureMaterial = append(signatureMaterial, []byte("0")...)
|
|
signatureMaterial = append(signatureMaterial, []byte("2")...)
|
|
signatureMaterial = append(signatureMaterial, []byte("key")...)
|
|
signatureMaterial = append(signatureMaterial, []byte("0")...)
|
|
signatureMaterial = append(signatureMaterial, []byte(fmt.Sprint(bundle1.GetTimestamp()))...)
|
|
|
|
recoveredPublicKey, err := crypto.SigToPub(
|
|
crypto.Keccak256(signatureMaterial),
|
|
bundleContainer1.GetBundle().Signature,
|
|
)
|
|
|
|
require.NoError(t, err, "Public key should be recovered from the bundle successfully")
|
|
|
|
require.Equal(
|
|
t,
|
|
privateKey.PublicKey,
|
|
*recoveredPublicKey,
|
|
"The correct public key should be recovered",
|
|
)
|
|
}
|
|
|
|
func TestExtractIdentity(t *testing.T) {
|
|
privateKey, err := crypto.ToECDSA([]byte(alicePrivateKey))
|
|
require.NoError(t, err, "Private key should be generated without errors")
|
|
|
|
bundleContainer, err := NewBundleContainer(privateKey, "1")
|
|
require.NoError(t, err, "Bundle container should be created successfully")
|
|
|
|
err = SignBundle(privateKey, bundleContainer)
|
|
require.NoError(t, err, "Bundle container should be signed successfully")
|
|
|
|
bundle := bundleContainer.Bundle
|
|
require.NotNil(t, bundle, "Bundle should be generated without errors")
|
|
|
|
recoveredPublicKey, err := ExtractIdentity(bundle)
|
|
|
|
require.NoError(t, err, "Public key should be recovered from the bundle successfully")
|
|
|
|
require.Equal(
|
|
t,
|
|
privateKey.PublicKey,
|
|
*recoveredPublicKey,
|
|
"The correct public key should be recovered",
|
|
)
|
|
}
|
|
|
|
// Alice wants to send a message to Bob
|
|
func TestX3dhActive(t *testing.T) {
|
|
bobIdentityKey, err := crypto.ToECDSA([]byte(bobPrivateKey))
|
|
require.NoError(t, err, "Bundle identity key should be generated without errors")
|
|
|
|
bobSignedPreKey, err := crypto.ToECDSA([]byte(bobSignedPreKey))
|
|
require.NoError(t, err, "Bundle signed pre key should be generated without errors")
|
|
|
|
aliceIdentityKey, err := crypto.ToECDSA([]byte(alicePrivateKey))
|
|
require.NoError(t, err, "Private key should be generated without errors")
|
|
|
|
aliceEphemeralKey, err := crypto.ToECDSA([]byte(aliceEphemeralKey))
|
|
require.NoError(t, err, "Ephemeral key should be generated without errors")
|
|
|
|
x3dh, err := x3dhActive(
|
|
ecies.ImportECDSA(aliceIdentityKey),
|
|
ecies.ImportECDSAPublic(&bobSignedPreKey.PublicKey),
|
|
ecies.ImportECDSA(aliceEphemeralKey),
|
|
ecies.ImportECDSAPublic(&bobIdentityKey.PublicKey),
|
|
)
|
|
require.NoError(t, err, "Shared key should be generated without errors")
|
|
require.Equal(t, sharedKey, x3dh, "Should generate the correct key")
|
|
}
|
|
|
|
// Bob receives a message from Alice
|
|
func TestPerformPassiveX3DH(t *testing.T) {
|
|
alicePrivateKey, err := crypto.ToECDSA([]byte(alicePrivateKey))
|
|
require.NoError(t, err, "Private key should be generated without errors")
|
|
|
|
bobSignedPreKey, err := crypto.ToECDSA([]byte(bobSignedPreKey))
|
|
require.NoError(t, err, "Private key should be generated without errors")
|
|
|
|
aliceEphemeralKey, err := crypto.ToECDSA([]byte(aliceEphemeralKey))
|
|
require.NoError(t, err, "Ephemeral key should be generated without errors")
|
|
|
|
bobPrivateKey, err := crypto.ToECDSA([]byte(bobPrivateKey))
|
|
require.NoError(t, err, "Private key should be generated without errors")
|
|
|
|
x3dh, err := PerformPassiveX3DH(
|
|
&alicePrivateKey.PublicKey,
|
|
bobSignedPreKey,
|
|
&aliceEphemeralKey.PublicKey,
|
|
bobPrivateKey,
|
|
)
|
|
require.NoError(t, err, "Shared key should be generated without errors")
|
|
require.Equal(t, sharedKey, x3dh, "Should generate the correct key")
|
|
}
|
|
|
|
func TestPerformActiveX3DH(t *testing.T) {
|
|
bundle, err := bobBundle()
|
|
require.NoError(t, err, "Test bundle should be generated without errors")
|
|
|
|
privateKey, err := crypto.ToECDSA([]byte(bobPrivateKey))
|
|
require.NoError(t, err, "Private key should be imported without errors")
|
|
|
|
signedPreKey := bundle.GetSignedPreKeys()[bobInstallationID].GetSignedPreKey()
|
|
|
|
actualSharedSecret, actualEphemeralKey, err := PerformActiveX3DH(bundle.GetIdentity(), signedPreKey, privateKey)
|
|
require.NoError(t, err, "No error should be reported")
|
|
require.NotNil(t, actualEphemeralKey, "An ephemeral key-pair should be generated")
|
|
require.NotNil(t, actualSharedSecret, "A shared key should be generated")
|
|
}
|