update

number571 · Oct 18, 2024 · 76b77ad · 76b77ad
1 parent 03ed2db
commit 76b77ad
Show file tree

Hide file tree

Showing 9 changed files with 1,314 additions and 1,008 deletions.
diff --git a/pkg/client/client_test.go b/pkg/client/client_test.go
@@ -3,14 +3,26 @@ package client
 
 import (
 	"bytes"
+	"errors"
 	"testing"
 
+	"github.com/number571/go-peer/pkg/client/message"
 	"github.com/number571/go-peer/pkg/crypto/asymmetric"
+	"github.com/number571/go-peer/pkg/crypto/hashing"
+	"github.com/number571/go-peer/pkg/crypto/random"
+	"github.com/number571/go-peer/pkg/crypto/symmetric"
+	"github.com/number571/go-peer/pkg/encoding"
+	"github.com/number571/go-peer/pkg/payload/joiner"
 )
 
 func TestPanicNewClient(t *testing.T) {
 	t.Parallel()
 
+	tcNewClientWithSmallMsgSize(t)
+	tcNewClientWithInvalidPrivKey(t)
+}
+
+func tcNewClientWithSmallMsgSize(t *testing.T) {
 	defer func() {
 		if r := recover(); r == nil {
 			t.Error("nothing panics")
@@ -21,6 +33,17 @@ func TestPanicNewClient(t *testing.T) {
 	_ = NewClient(asymmetric.NewPrivKey(), 8)
 }
 
+func tcNewClientWithInvalidPrivKey(t *testing.T) {
+	defer func() {
+		if r := recover(); r == nil {
+			t.Error("nothing panics")
+			return
+		}
+	}()
+
+	_ = NewClient(&tsPrivKey{}, (8 << 10))
+}
+
 func TestError(t *testing.T) {
 	t.Parallel()
 
@@ -32,13 +55,68 @@ func TestError(t *testing.T) {
 	}
 }
 
+func TestInvalidKeys(t *testing.T) {
+	t.Parallel()
+
+	_client := NewClient(asymmetric.NewPrivKey(), (8 << 10)).(*sClient)
+	if _, err := _client.encryptWithParams(&tsKEMPubKey{}, []byte("hello"), 0); err == nil {
+		t.Error("success encrypt with invalid pubkey")
+		return
+	}
+
+	kemPubKey := _client.GetPrivKey().GetKEMPrivKey().GetPubKey()
+	msg := []byte("hello, world!")
+
+	enc, err := _client.EncryptMessage(kemPubKey, msg)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	_client.fPrivKey = &tsPrivKey{}
+	if _, _, err := _client.DecryptMessage(enc); err == nil {
+		t.Error("success decrypt with invalid privkey")
+		return
+	}
+}
+
+func TestInvalidClient(t *testing.T) {
+	t.Parallel()
+
+	msgsize := uint64(8 << 10)
+	client := NewClient(asymmetric.NewPrivKey(), msgsize)
+	kemPubKey := client.GetPrivKey().GetKEMPrivKey().GetPubKey()
+
+	_client := client.(*sClient)
+	msg1 := []byte("hello")
+	pad1 := client.GetPayloadLimit() - uint64(len(msg1)) + 2*encoding.CSizeUint32
+
+	enc1, err := _client.tcEncryptWithParamsInvalidMessageBytes(kemPubKey, msg1, pad1)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	if _, _, err := client.DecryptMessage(enc1); err == nil {
+		t.Error("success decrypt message with invalid bytes structure (without joiner)")
+		return
+	}
+
+	pad2 := client.GetPayloadLimit() - uint64(len(msg1)) + asymmetric.CDSAPubKeySize - 3
+	enc2, err := _client.tcEncryptWithParamsInvalidDSAPublicKey(kemPubKey, msg1, pad2)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	if _, _, err := client.DecryptMessage(enc2); err == nil {
+		t.Error("success decrypt message with invalid dsa public key")
+		return
+	}
+}
+
 func TestClient(t *testing.T) {
 	t.Parallel()
 
-	client := NewClient(
-		asymmetric.NewPrivKey(),
-		(8 << 10),
-	)
+	client := NewClient(asymmetric.NewPrivKey(), (8 << 10))
 
 	kemPubKey := client.GetPrivKey().GetKEMPrivKey().GetPubKey()
 	msg := []byte("hello, world!")
@@ -74,10 +152,7 @@ func TestClient(t *testing.T) {
 func TestDecrypt(t *testing.T) {
 	t.Parallel()
 
-	client := NewClient(
-		asymmetric.NewPrivKey(),
-		(8 << 10),
-	)
+	client := NewClient(asymmetric.NewPrivKey(), (8 << 10))
 
 	if _, _, err := client.DecryptMessage([]byte{123}); err == nil {
 		t.Error("success decrypt with invalid ciphertext (1)")
@@ -113,3 +188,117 @@ func TestDecrypt(t *testing.T) {
 		return
 	}
 }
+
+var (
+	_ asymmetric.IPrivKey    = &tsPrivKey{}
+	_ asymmetric.IKEMPubKey  = &tsKEMPubKey{}
+	_ asymmetric.IDSAPubKey  = &tsDSAPubKey{}
+	_ asymmetric.IKEMPrivKey = &tsKEMPrivKey{}
+	_ asymmetric.IDSAPrivKey = &tsDSAPrivKey{}
+)
+
+type tsPrivKey struct{}
+type tsKEMPubKey struct{}
+type tsDSAPubKey struct{}
+type tsKEMPrivKey struct{}
+type tsDSAPrivKey struct{}
+
+func (p *tsPrivKey) ToString() string                      { return "" }
+func (p *tsPrivKey) ToBytes() []byte                       { return nil }
+func (p *tsPrivKey) GetPubKey() asymmetric.IPubKey         { return nil }
+func (p *tsPrivKey) GetKEMPrivKey() asymmetric.IKEMPrivKey { return &tsKEMPrivKey{} }
+func (p *tsPrivKey) GetDSAPrivKey() asymmetric.IDSAPrivKey { return &tsDSAPrivKey{} }
+
+func (p *tsKEMPubKey) ToBytes() []byte { return nil }
+func (p *tsKEMPubKey) Encapsulate() ([]byte, []byte, error) {
+	return nil, nil, errors.New("some error")
+}
+
+func (p *tsKEMPrivKey) ToBytes() []byte                    { return nil }
+func (p *tsKEMPrivKey) GetPubKey() asymmetric.IKEMPubKey   { return &tsKEMPubKey{} }
+func (p *tsKEMPrivKey) Decapsulate([]byte) ([]byte, error) { return nil, errors.New("some error") }
+
+func (p *tsDSAPrivKey) ToBytes() []byte                  { return nil }
+func (p *tsDSAPrivKey) GetPubKey() asymmetric.IDSAPubKey { return &tsDSAPubKey{} }
+func (p *tsDSAPrivKey) SignBytes([]byte) []byte          { return nil }
+
+func (p *tsDSAPubKey) ToBytes() []byte                 { return nil }
+func (p *tsDSAPubKey) VerifyBytes([]byte, []byte) bool { return false }
+
+func (p *sClient) tcEncryptWithParamsInvalidMessageBytes(
+	pRecv asymmetric.IKEMPubKey,
+	pMsg []byte,
+	pPadd uint64,
+) ([]byte, error) {
+	var (
+		rand = random.NewRandom()
+		salt = rand.GetBytes(cSaltSize)
+		sign = p.fPrivKey.GetDSAPrivKey()
+	)
+
+	data := bytes.Join([][]byte{pMsg, rand.GetBytes(pPadd)}, []byte{})
+	hash := hashing.NewHMACHasher(salt, bytes.Join(
+		[][]byte{
+			sign.GetPubKey().ToBytes(),
+			pRecv.ToBytes(),
+			data,
+		},
+		[]byte{},
+	)).ToBytes()
+
+	ct, sk, err := pRecv.Encapsulate()
+	if err != nil {
+		return nil, ErrEncryptSymmetricKey
+	}
+
+	cipher := symmetric.NewCipher(sk)
+	return message.NewMessage(
+		ct,
+		cipher.EncryptBytes(joiner.NewBytesJoiner32([][]byte{
+			sign.GetPubKey().ToBytes(),
+			salt,
+			hash,
+			sign.SignBytes(hash),
+			data,
+		})),
+	).ToBytes(), nil
+}
+
+func (p *sClient) tcEncryptWithParamsInvalidDSAPublicKey(
+	pRecv asymmetric.IKEMPubKey,
+	pMsg []byte,
+	pPadd uint64,
+) ([]byte, error) {
+	var (
+		rand = random.NewRandom()
+		salt = rand.GetBytes(cSaltSize)
+		sign = p.fPrivKey.GetDSAPrivKey()
+	)
+
+	data := joiner.NewBytesJoiner32([][]byte{pMsg, rand.GetBytes(pPadd)})
+	hash := hashing.NewHMACHasher(salt, bytes.Join(
+		[][]byte{
+			sign.GetPubKey().ToBytes(),
+			pRecv.ToBytes(),
+			data,
+		},
+		[]byte{},
+	)).ToBytes()
+
+	ct, sk, err := pRecv.Encapsulate()
+	if err != nil {
+		return nil, ErrEncryptSymmetricKey
+	}
+
+	cipher := symmetric.NewCipher(sk)
+	return message.NewMessage(
+		ct,
+		cipher.EncryptBytes(joiner.NewBytesJoiner32([][]byte{
+			[]byte("123"),
+			salt,
+			hash,
+			sign.SignBytes(hash),
+			data,
+		})),
+	).ToBytes(), nil
+}
diff --git a/pkg/crypto/asymmetric/dsa_test.go b/pkg/crypto/asymmetric/dsa_test.go
@@ -1,9 +1,27 @@
 package asymmetric
 
 import (
+	"crypto"
+	"io"
 	"testing"
+
+	"github.com/cloudflare/circl/sign"
 )
 
+func TestNewDSA(t *testing.T) {
+	t.Parallel()
+
+	if pk := newDSAPrivKey(&tsPrivateKeyDSA{}); pk != nil {
+		t.Error("success get another dsa privkey (not mldsa65)")
+		return
+	}
+
+	if pk := newDSAPubKey(&tsPublicKeyDSA{}); pk != nil {
+		t.Error("success get another dsa pubkey (not mldsa65)")
+		return
+	}
+}
+
 func TestSigner(t *testing.T) {
 	t.Parallel()
 
@@ -32,3 +50,23 @@ func TestSigner(t *testing.T) {
 	// fmt.Println(len(privKey.ToBytes()))
 	// fmt.Println(len(pubKey.ToBytes()), len(sign))
 }
+
+var (
+	_ sign.PrivateKey = &tsPrivateKeyDSA{}
+	_ sign.PublicKey  = &tsPublicKeyDSA{}
+)
+
+type tsPrivateKeyDSA struct{}
+type tsPublicKeyDSA struct{}
+
+func (p *tsPrivateKeyDSA) Scheme() sign.Scheme            { return nil }
+func (p *tsPrivateKeyDSA) MarshalBinary() ([]byte, error) { return nil, nil }
+func (p *tsPrivateKeyDSA) Equal(crypto.PrivateKey) bool   { return false }
+func (p *tsPrivateKeyDSA) Public() crypto.PublicKey       { return nil }
+func (p *tsPrivateKeyDSA) Sign(io.Reader, []byte, crypto.SignerOpts) ([]byte, error) {
+	return nil, nil
+}
+
+func (p *tsPublicKeyDSA) Scheme() sign.Scheme            { return nil }
+func (p *tsPublicKeyDSA) MarshalBinary() ([]byte, error) { return nil, nil }
+func (p *tsPublicKeyDSA) Equal(crypto.PublicKey) bool    { return false }
diff --git a/pkg/crypto/asymmetric/kem_test.go b/pkg/crypto/asymmetric/kem_test.go
@@ -3,8 +3,24 @@ package asymmetric
 import (
 	"bytes"
 	"testing"
+
+	"github.com/cloudflare/circl/kem"
 )
 
+func TestNewKEM(t *testing.T) {
+	t.Parallel()
+
+	if pk := newKEMPrivKey(&tsPrivateKeyKEM{}); pk != nil {
+		t.Error("success get another kem privkey (not mlkem768)")
+		return
+	}
+
+	if pk := newKEMPubKey(&tsPublicKeyKEM{}); pk != nil {
+		t.Error("success get another kem pubkey (not mlkem768)")
+		return
+	}
+}
+
 func TestKEM(t *testing.T) {
 	t.Parallel()
 
@@ -42,3 +58,20 @@ func TestKEM(t *testing.T) {
 	// fmt.Println(len(privKey.ToBytes()))
 	// fmt.Println(len(pubKey.ToBytes()), len(ct), len(ss1))
 }
+
+var (
+	_ kem.PrivateKey = &tsPrivateKeyKEM{}
+	_ kem.PublicKey  = &tsPublicKeyKEM{}
+)
+
+type tsPrivateKeyKEM struct{}
+type tsPublicKeyKEM struct{}
+
+func (p *tsPrivateKeyKEM) Scheme() kem.Scheme             { return nil }
+func (p *tsPrivateKeyKEM) MarshalBinary() ([]byte, error) { return nil, nil }
+func (p *tsPrivateKeyKEM) Equal(kem.PrivateKey) bool      { return false }
+func (p *tsPrivateKeyKEM) Public() kem.PublicKey          { return nil }
+
+func (p *tsPublicKeyKEM) Scheme() kem.Scheme             { return nil }
+func (p *tsPublicKeyKEM) MarshalBinary() ([]byte, error) { return nil, nil }
+func (p *tsPublicKeyKEM) Equal(kem.PublicKey) bool       { return false }