|
388 | 388 | ;; More tests (incl. AAD, AKM, etc.) are in later section for core API |
389 | 389 |
|
390 | 390 | (every? boolean |
391 | | - (for [[key-opts !key-opts] |
392 | | - [[{:password "pwd"} {:password "!pwd"}] |
393 | | - [{:key-sym ba-key} {:key-sym ba-!key}] |
394 | | - [{:key-sym key-sym} {:key-sym !key-sym}]]] |
| 391 | + (flatten |
| 392 | + (for [[key-opts !key-opts] |
| 393 | + [[{:password "pwd"} {:password "!pwd"}] |
| 394 | + [{:key-sym ba-key} {:key-sym ba-!key}] |
| 395 | + [{:key-sym key-sym} {:key-sym !key-sym}]]] |
395 | 396 |
|
396 | | - (let [ba-enc (keys/keychain-encrypt kc key-opts) |
397 | | - kc-dec (keys/keychain-decrypt ba-enc key-opts)] |
| 397 | + (let [ba-enc (keys/keychain-encrypt kc key-opts) |
| 398 | + kc-dec (keys/keychain-decrypt ba-enc key-opts)] |
398 | 399 |
|
399 | | - [(is (= (kci kc) {:n-sym 2, :n-prv 5, :n-pub 4, :secret? true})) |
400 | | - (is (= (kci kc-dec) {:n-sym 2, :n-prv 5, :n-pub 4, :secret? true})) |
401 | | - (is (= kc kc-dec)) |
| 400 | + [(is (= (kci kc) {:n-sym 2, :n-prv 5, :n-pub 4, :secret? true})) |
| 401 | + (is (= (kci kc-dec) {:n-sym 2, :n-prv 5, :n-pub 4, :secret? true})) |
| 402 | + (is (= kc kc-dec)) |
402 | 403 |
|
403 | | - (is (= (get @kc-dec "d") {}) "Keep key-ids for empty entries") |
404 | | - (is (= (set (keys (get @kc-dec "c"))) #{:key-prv :key-algo :priority})) |
| 404 | + (is (= (get @kc-dec "d") {}) "Keep key-ids for empty entries") |
| 405 | + (is (= (set (keys (get @kc-dec "c"))) #{:key-prv :key-algo :priority})) |
405 | 406 |
|
406 | | - (is (= (keys/keychain-decrypt ba-enc !key-opts) nil) "Bad key") |
407 | | - (is (= (kci (:keychain (pd ba-enc))) {:n-pub 4, :secret? false}) "Public keychain in public data") |
| 407 | + (is (= (keys/keychain-decrypt ba-enc !key-opts) nil) "Bad key") |
| 408 | + (is (= (kci (:keychain (pd ba-enc))) {:n-pub 4, :secret? false}) "Public keychain in public data") |
408 | 409 |
|
409 | | - (is (every? nil? (mapv #(or (:key-sym %) (:key-prv %)) (vals @(:keychain (pd ba-enc))))) |
410 | | - "No private data in public keychain")])))))]) |
| 410 | + (is (every? nil? (mapv #(or (:key-sym %) (:key-prv %)) (vals @(:keychain (pd ba-enc))))) |
| 411 | + "No private data in public keychain")]))))))]) |
411 | 412 |
|
412 | 413 | ;;;; Core API |
413 | 414 |
|
|
617 | 618 | kc2 (-> (keys/keychain) (keys/keychain-add-asymmetric-keypair :rsa-1024 {:key-id "a"}))] |
618 | 619 |
|
619 | 620 | [(every? boolean |
620 | | - (for [cnt ["short" (apply str (repeat 128 "x"))]] |
621 | | - (let [ba-cnt (as-ba cnt)] |
622 | | - [(is= (dec (enc ba-cnt kc1 { }) kc1 { }) {:cnt cnt } "-AKM, -AAD") |
623 | | - (is= (dec (enc ba-cnt kc1 {:ba-akm ba-akm}) kc1 {:ba-akm ba-akm }) {:cnt cnt } "+AKM, -AAD") |
624 | | - (is= (dec (enc ba-cnt kc1 {:ba-aad ba-aad}) kc1 { }) {:cnt cnt, :aad "aad"} "-AKM, +AAD") |
625 | | - (is= (dec (enc ba-cnt kc1 {:ba-aad ba-aad |
626 | | - :ba-akm ba-akm}) kc1 {:ba-akm ba-akm }) {:cnt cnt, :aad "aad"} "+AKM, +AAD") |
627 | | - |
628 | | - (is= (dec (enc ba-cnt kc1 { }) kc2 { }) {:err #{"Decryption error" "Message is larger than modulus" "Padding error in decryption"}} "Bad key") |
629 | | - (is= (dec (enc ba-cnt kc1 {:ba-akm ba-akm}) kc1 {:ba-akm ba-!akm}) {:err "Unexpected HMAC" #_"Tag mismatch"} "Bad AKM") |
630 | | - |
631 | | - (is= (pd (enc ba-cnt kc1 { })) {:kind :encrypted-with-1-keypair, :key-algo :rsa-1024, :key-id "a" } "Public data") |
632 | | - (is= (pd (enc ba-cnt kc1 {:ba-aad ba-aad})) {:kind :encrypted-with-1-keypair, :key-algo :rsa-1024, :key-id "a", :aad "aad"} "Public data +AAD") |
633 | | - |
634 | | - (is= (dec (enc ba-cnt kc1 {:backup-key master-kc }) kc1 { }) {:cnt cnt} "+Backup, use primary, -AKM, -AAD") |
635 | | - (is= (dec (enc ba-cnt kc1 {:backup-key master-kc :ba-akm ba-akm}) kc1 {:ba-akm ba-akm }) {:cnt cnt} "+Backup, use primary, +AKM, -AAD") |
636 | | - (is= (dec (enc ba-cnt kc1 {:backup-key master-kc }) nil {:backup-key master-kc}) {:cnt cnt} "+Backup, use backup, -AKM, -AAD") |
637 | | - (is= (dec (enc ba-cnt kc1 {:backup-key master-kc :ba-akm ba-akm}) nil {:backup-key master-kc}) {:cnt cnt} "+Backup, use backup, +AKM, -AAD")]))) |
| 621 | + (flatten |
| 622 | + (for [cnt ["short" (apply str (repeat 128 "x"))]] |
| 623 | + (let [ba-cnt (as-ba cnt)] |
| 624 | + [(is= (dec (enc ba-cnt kc1 { }) kc1 { }) {:cnt cnt } "-AKM, -AAD") |
| 625 | + (is= (dec (enc ba-cnt kc1 {:ba-akm ba-akm}) kc1 {:ba-akm ba-akm }) {:cnt cnt } "+AKM, -AAD") |
| 626 | + (is= (dec (enc ba-cnt kc1 {:ba-aad ba-aad}) kc1 { }) {:cnt cnt, :aad "aad"} "-AKM, +AAD") |
| 627 | + (is= (dec (enc ba-cnt kc1 {:ba-aad ba-aad |
| 628 | + :ba-akm ba-akm}) kc1 {:ba-akm ba-akm }) {:cnt cnt, :aad "aad"} "+AKM, +AAD") |
| 629 | + |
| 630 | + (is= (dec (enc ba-cnt kc1 { }) kc2 { }) {:err #{"Decryption error" "Message is larger than modulus" "Padding error in decryption"}} "Bad key") |
| 631 | + (is= (dec (enc ba-cnt kc1 {:ba-akm ba-akm}) kc1 {:ba-akm ba-!akm}) {:err "Unexpected HMAC" #_"Tag mismatch"} "Bad AKM") |
| 632 | + |
| 633 | + (is= (pd (enc ba-cnt kc1 { })) {:kind :encrypted-with-1-keypair, :key-algo :rsa-1024, :key-id "a" } "Public data") |
| 634 | + (is= (pd (enc ba-cnt kc1 {:ba-aad ba-aad})) {:kind :encrypted-with-1-keypair, :key-algo :rsa-1024, :key-id "a", :aad "aad"} "Public data +AAD") |
| 635 | + |
| 636 | + (is= (dec (enc ba-cnt kc1 {:backup-key master-kc }) kc1 { }) {:cnt cnt} "+Backup, use primary, -AKM, -AAD") |
| 637 | + (is= (dec (enc ba-cnt kc1 {:backup-key master-kc :ba-akm ba-akm}) kc1 {:ba-akm ba-akm }) {:cnt cnt} "+Backup, use primary, +AKM, -AAD") |
| 638 | + (is= (dec (enc ba-cnt kc1 {:backup-key master-kc }) nil {:backup-key master-kc}) {:cnt cnt} "+Backup, use backup, -AKM, -AAD") |
| 639 | + (is= (dec (enc ba-cnt kc1 {:backup-key master-kc :ba-akm ba-akm}) nil {:backup-key master-kc}) {:cnt cnt} "+Backup, use backup, +AKM, -AAD")])))) |
638 | 640 |
|
639 | 641 | (is (:passed? (combinatorial-roundtrip-tests! "roundtrip with 1 keypair" :rand-bytes enc dec kc1 kc1 kc2)))])) |
640 | 642 |
|
|
0 commit comments