-
Notifications
You must be signed in to change notification settings - Fork 4
/
ring_test.go
66 lines (50 loc) · 1.58 KB
/
ring_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
package macdaddy
import (
"bytes"
. "github.com/bsm/ginkgo/v2"
. "github.com/bsm/gomega"
)
var _ = Describe("Ring", func() {
var subject *Ring
var key = []byte("THISisOURverySECRET32byteTESTkey")
var plain = bytes.Repeat([]byte{'x'}, 64)
var mac6, mac7 *MAC
BeforeEach(func() {
var err error
mac7, err = New(key, 7, 0)
Expect(err).NotTo(HaveOccurred())
mac6, err = New(key, 6, 0)
Expect(err).NotTo(HaveOccurred())
subject = NewRing(mac7)
subject.Register(mac6)
})
It("should encrypt using primary mac", func() {
msg := subject.Encrypt(nil, plain)
_, err := mac7.Decrypt(nil, msg)
Expect(err).NotTo(HaveOccurred())
_, err = mac6.Decrypt(nil, msg)
Expect(err).To(Equal(ErrUnknownEpoch))
})
It("should decrypt using registered mac", func() {
_, err := subject.Decrypt(nil, mac7.Encrypt(nil, plain))
Expect(err).NotTo(HaveOccurred())
_, err = subject.Decrypt(nil, mac6.Encrypt(nil, plain))
Expect(err).NotTo(HaveOccurred())
})
It("should fail to decrypt invalid messages", func() {
_, err := subject.Decrypt(nil, []byte("a"))
Expect(err).To(Equal(ErrBadToken))
})
It("should fail to decrypt messages from bad terms", func() {
mac3, err := New(key, 3, 0)
Expect(err).NotTo(HaveOccurred())
_, err = subject.Decrypt(nil, mac3.Encrypt(nil, plain))
Expect(err).To(Equal(ErrUnknownEpoch))
})
It("should fail to decrypt messages from non-matching MACs", func() {
mac6b, err := New(bytes.ToUpper(key), 6, 0)
Expect(err).NotTo(HaveOccurred())
_, err = subject.Decrypt(nil, mac6b.Encrypt(nil, plain))
Expect(err).To(Equal(ErrBadToken))
})
})