liz/veilid
1
0
Fork 0
Code Pull Requests Packages Releases Activity

Switch to Ed25519 signature + XChaCha20

Browse Source 
also add infoq nodeinfo
This commit is contained in:
John Smith
2022-04-03 21:35:14 -04:00
parent a33473d8ea
commit fe1754b84b
8 changed files with 135 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
veilid-core/src/tests/common/test_crypto.rs
View File

@@ -21,8 +21,8 @@ async fn shutdown(api: VeilidAPI) {
trace!("test_table_store: finished");
}
pub async fn test_enc_dec() {
trace!("test_enc_dec");
pub async fn test_aead() {
trace!("test_aead");
let n1 = Crypto::get_random_nonce();
let n2 = loop {
@@ -44,52 +44,101 @@ pub async fn test_enc_dec() {
let body2 = body.clone();
let size_before_encrypt = body.len();
assert!(
Crypto::encrypt_in_place(&mut body, &n1, &ss1, None).is_ok(),
Crypto::encrypt_in_place_aead(&mut body, &n1, &ss1, None).is_ok(),
"encrypt should succeed"
);
let size_after_encrypt = body.len();
assert!(
size_after_encrypt - size_before_encrypt == ENCRYPTION_OVERHEAD,
size_after_encrypt - size_before_encrypt == AEAD_OVERHEAD,
"overhead should match"
);
let mut body3 = body.clone();
let mut body4 = body.clone();
let mut body5 = body.clone();
assert!(
Crypto::decrypt_in_place(&mut body, &n1, &ss1, None).is_ok(),
Crypto::decrypt_in_place_aead(&mut body, &n1, &ss1, None).is_ok(),
"decrypt should succeed"
);
assert_eq!(body, body2, "results should be the same");
assert!(
Crypto::decrypt_in_place(&mut body3, &n2, &ss1, None).is_err(),
Crypto::decrypt_in_place_aead(&mut body3, &n2, &ss1, None).is_err(),
"decrypt with wrong nonce should fail"
);
assert_ne!(body3, body, "failure changes data");
assert!(
Crypto::decrypt_in_place(&mut body4, &n1, &ss2, None).is_err(),
Crypto::decrypt_in_place_aead(&mut body4, &n1, &ss2, None).is_err(),
"decrypt with wrong secret should fail"
);
assert_ne!(body4, body, "failure changes data");
assert!(
Crypto::decrypt_in_place(&mut body5, &n1, &ss2, Some(b"foobar")).is_err(),
Crypto::decrypt_in_place_aead(&mut body5, &n1, &ss2, Some(b"foobar")).is_err(),
"decrypt with wrong associated data should fail"
);
assert_ne!(body5, body, "failure changes data");
assert!(
Crypto::decrypt(LOREM_IPSUM, &n1, &ss1, None).is_err(),
Crypto::decrypt_aead(LOREM_IPSUM, &n1, &ss1, None).is_err(),
"should fail authentication"
);
let body5 = Crypto::encrypt(LOREM_IPSUM, &n1, &ss1, None).unwrap();
let body6 = Crypto::decrypt(&body5, &n1, &ss1, None).unwrap();
let body7 = Crypto::encrypt(LOREM_IPSUM, &n1, &ss1, None).unwrap();
let body5 = Crypto::encrypt_aead(LOREM_IPSUM, &n1, &ss1, None).unwrap();
let body6 = Crypto::decrypt_aead(&body5, &n1, &ss1, None).unwrap();
let body7 = Crypto::encrypt_aead(LOREM_IPSUM, &n1, &ss1, None).unwrap();
assert_eq!(body6, LOREM_IPSUM);
assert_eq!(body5, body7);
}
pub async fn test_no_auth() {
trace!("test_no_auth");
let n1 = Crypto::get_random_nonce();
let n2 = loop {
let n = Crypto::get_random_nonce();
if n != n1 {
break n;
}
};
let ss1 = Crypto::get_random_secret();
let ss2 = loop {
let ss = Crypto::get_random_secret();
if ss != ss1 {
break ss;
}
};
let mut body = LOREM_IPSUM.to_vec();
let body2 = body.clone();
let size_before_encrypt = body.len();
Crypto::crypt_in_place_no_auth(&mut body, &n1, &ss1);
let size_after_encrypt = body.len();
assert_eq!(
size_after_encrypt, size_before_encrypt,
"overhead should match"
);
let mut body3 = body.clone();
let mut body4 = body.clone();
Crypto::crypt_in_place_no_auth(&mut body, &n1, &ss1);
assert_eq!(body, body2, "result after decrypt should be the same");
Crypto::crypt_in_place_no_auth(&mut body3, &n2, &ss1);
assert_ne!(body3, body, "decrypt should not be equal with wrong nonce");
Crypto::crypt_in_place_no_auth(&mut body4, &n1, &ss2);
assert_ne!(body4, body, "decrypt should not be equal with wrong secret");
let body5 = Crypto::crypt_no_auth(LOREM_IPSUM, &n1, &ss1);
let body6 = Crypto::crypt_no_auth(&body5, &n1, &ss1);
let body7 = Crypto::crypt_no_auth(LOREM_IPSUM, &n1, &ss1);
assert_eq!(body6, LOREM_IPSUM);
assert_eq!(body5, body7);
}
pub async fn test_dh(crypto: Crypto) {
trace!("test_dh");
let (dht_key, dht_key_secret) = key::generate_secret();
@@ -119,7 +168,8 @@ pub async fn test_dh(crypto: Crypto) {
pub async fn test_all() {
let api = startup().await;
let crypto = api.crypto().unwrap();
test_enc_dec().await;
test_aead().await;
test_no_auth().await;
test_dh(crypto).await;
shutdown(api.clone()).await;
assert!(api.is_shutdown());

22
veilid-core/src/tests/common/test_envelope_receipt.rs
View File

@@ -33,19 +33,31 @@ pub async fn test_envelope_round_trip() {
// Deserialize from bytes
let envelope2 =
Envelope::from_data(&enc_data).expect("failed to deserialize envelope from data");
Envelope::from_signed_data(&enc_data).expect("failed to deserialize envelope from data");
let body2 = envelope2
.decrypt_body(crypto.clone(), &enc_data, &recipient_secret)
.expect("failed to decrypt envelope body");
envelope2
.decrypt_body(crypto.clone(), &enc_data, &sender_secret)
.expect_err("should have failed to decrypt using wrong secret");
// Compare envelope and body
assert_eq!(envelope, envelope2);
assert_eq!(body.to_vec(), body2);
// Deserialize from modified bytes
let enc_data_len = enc_data.len();
let mut mod_enc_data = enc_data.clone();
mod_enc_data[enc_data_len - 1] ^= 0x80u8;
assert!(
Envelope::from_signed_data(&mod_enc_data).is_err(),
"should have failed to decode envelope with modified signature"
);
let mut mod_enc_data2 = enc_data.clone();
mod_enc_data2[enc_data_len - 65] ^= 0x80u8;
assert!(
Envelope::from_signed_data(&mod_enc_data2).is_err(),
"should have failed to decode envelope with modified data"
);
api.shutdown().await;
}