diff --git a/src/ikm.rs b/src/ikm.rs index d49ac2b..9d15dcf 100644 --- a/src/ikm.rs +++ b/src/ikm.rs @@ -165,7 +165,54 @@ impl std::ops::Deref for InputKeyMaterialList { mod tests { use super::*; - #[cfg(feature = "ikm-management")] + #[test] + fn import() { + let s = + "AQAAAA:AQAAAAEAAAC_vYEw1ujVG5i-CtoPYSzik_6xaAq59odjPm5ij01-e6zz4mUAAAAALJGBiwAAAAAA"; + let res = InputKeyMaterialList::import(s); + assert!(res.is_ok(), "res: {res:?}"); + let lst = res.unwrap(); + assert_eq!(lst.id_counter, 1); + assert_eq!(lst.ikm_lst.len(), 1); + let ikm = lst.ikm_lst.first().unwrap(); + assert_eq!(ikm.id, 1); + assert_eq!(ikm.scheme, Scheme::XChaCha20Poly1305WithBlake3); + assert_eq!( + ikm.content, + [ + 191, 189, 129, 48, 214, 232, 213, 27, 152, 190, 10, 218, 15, 97, 44, 226, 147, 254, + 177, 104, 10, 185, 246, 135, 99, 62, 110, 98, 143, 77, 126, 123 + ] + ); + assert_eq!(ikm.is_revoked, false); + } +} + +#[cfg(all(test, feature = "ikm-management"))] +mod ikm_management { + use super::*; + + // This list contains the folowing IKM: + // 1: * created_at: Monday 1 April 2019 10:21:42 + // * expire_at: Wednesday 1 April 2020 10:21:42 + // * is_revoked: true + // 2: * created_at: Thursday 12 March 2020 10:21:42 + // * expire_at: Friday 12 March 2021 10:21:42 + // * is_revoked: false + // 3: * created_at: Sunday 21 February 2021 10:21:42 + // * expire_at: Thursday 10 February 2180 10:21:42 + // * is_revoked: false + // 4: * created_at: Sunday 30 January 2022 10:21:42 + // * expire_at: Tuesday 10 January 2023 10:21:42 + // * is_revoked: false + // 5: * created_at: Tuesday 2 January 2024 10:21:42 + // * expire_at: Tuesday 6 June 2180 10:21:42 + // * is_revoked: true + // 6: * created_at: Tuesday 15 August 2180 10:21:42 + // * expire_at: Wednesday 15 August 2181 10:21:42 + // * is_revoked: false + const TEST_STR: &str = "BgAAAA:AQAAAAEAAACUAPcqngJ46_HMtJSdIw-WeUtImcCVxOA47n6UIN5K2TbmoVwAAAAANmuEXgAAAAAB:AgAAAAEAAADf7CR8vl_aWOUyfsO0ek0YQr_Yi7L_sJmF2nIt_XOaCzYNal4AAAAAtkBLYAAAAAAA:AwAAAAEAAAAMoNIW9gIGkzegUDEsU3N1Rf_Zz0OMuylUSiQjUzLXqzY0MmAAAAAANsk0iwEAAAAA:BAAAAAEAAABbwRrMz3x3DkfOEFg1BHfLLRHoNqg6d_xGWwdh48hH8rZm9mEAAAAANjy9YwAAAAAA:BQAAAAEAAAA2LwnTgDUF7qn7dy79VA24JSSgo6vllAtU5zmhrxNJu7YIz4sBAAAANoUMjgEAAAAB:BgAAAAEAAAAn0Vqe2f9YRXBt6xVYaeSLs0Gf0S0_5B-hk-a2b0rhlraCJbwAAAAAtlErjAEAAAAA"; + fn round_time(t: SystemTime) -> SystemTime { let secs = t.duration_since(SystemTime::UNIX_EPOCH).unwrap().as_secs(); SystemTime::UNIX_EPOCH @@ -174,7 +221,6 @@ mod tests { } #[test] - #[cfg(feature = "ikm-management")] fn gen_ikm_list() { let mut lst = InputKeyMaterialList::new(); assert_eq!(lst.id_counter, 0); @@ -204,7 +250,6 @@ mod tests { } #[test] - #[cfg(feature = "ikm-management")] fn export_empty() { let lst = InputKeyMaterialList::new(); assert_eq!(lst.id_counter, 0); @@ -217,7 +262,6 @@ mod tests { } #[test] - #[cfg(feature = "ikm-management")] fn export() { let mut lst = InputKeyMaterialList::new(); let _ = lst.add_ikm(); @@ -230,28 +274,14 @@ mod tests { #[test] fn import() { - let s = - "AQAAAA:AQAAAAEAAAC_vYEw1ujVG5i-CtoPYSzik_6xaAq59odjPm5ij01-e6zz4mUAAAAALJGBiwAAAAAA"; - let res = InputKeyMaterialList::import(s); + let res = InputKeyMaterialList::import(TEST_STR); assert!(res.is_ok(), "res: {res:?}"); let lst = res.unwrap(); - assert_eq!(lst.id_counter, 1); - assert_eq!(lst.ikm_lst.len(), 1); - let ikm = lst.ikm_lst.first().unwrap(); - assert_eq!(ikm.id, 1); - assert_eq!(ikm.scheme, Scheme::XChaCha20Poly1305WithBlake3); - assert_eq!( - ikm.content, - [ - 191, 189, 129, 48, 214, 232, 213, 27, 152, 190, 10, 218, 15, 97, 44, 226, 147, 254, - 177, 104, 10, 185, 246, 135, 99, 62, 110, 98, 143, 77, 126, 123 - ] - ); - assert_eq!(ikm.is_revoked, false); + assert_eq!(lst.id_counter, 6); + assert_eq!(lst.ikm_lst.len(), 6); } #[test] - #[cfg(feature = "ikm-management")] fn export_import_empty() { let lst = InputKeyMaterialList::new(); @@ -269,7 +299,6 @@ mod tests { } #[test] - #[cfg(feature = "ikm-management")] fn export_import() { let mut lst = InputKeyMaterialList::new(); for _ in 0..10 { @@ -300,7 +329,6 @@ mod tests { } #[test] - #[cfg(feature = "ikm-management")] fn delete_ikm() { let mut lst = InputKeyMaterialList::new(); let _ = lst.add_ikm(); @@ -319,7 +347,6 @@ mod tests { } #[test] - #[cfg(feature = "ikm-management")] fn revoke_ikm() { let mut lst = InputKeyMaterialList::new(); let _ = lst.add_ikm(); @@ -338,7 +365,6 @@ mod tests { } #[test] - #[cfg(feature = "ikm-management")] fn iterate() { let mut lst = InputKeyMaterialList::new(); for _ in 0..10 { @@ -352,7 +378,22 @@ mod tests { } #[test] - #[cfg(feature = "encryption")] + fn get_latest_ikm() { + let res = InputKeyMaterialList::import(TEST_STR); + assert!(res.is_ok(), "res: {res:?}"); + let lst = res.unwrap(); + let res = lst.get_latest_ikm(); + assert!(res.is_ok(), "res: {res:?}"); + let ikm = res.unwrap(); + assert_eq!(ikm.id, 3); + } +} + +#[cfg(all(test, feature = "encryption"))] +mod encryption { + use super::*; + + #[test] fn get_latest_ikm() { let mut lst = InputKeyMaterialList::new(); let _ = lst.add_ikm(); @@ -370,7 +411,6 @@ mod tests { } #[test] - #[cfg(feature = "encryption")] fn get_latest_ikm_empty() { let lst = InputKeyMaterialList::new(); let res = lst.get_latest_ikm(); @@ -378,7 +418,6 @@ mod tests { } #[test] - #[cfg(feature = "encryption")] fn get_ikm_by_id() { let mut lst = InputKeyMaterialList::new(); let _ = lst.add_ikm(); @@ -393,7 +432,6 @@ mod tests { } #[test] - #[cfg(feature = "encryption")] fn get_ikm_by_id_noexists() { let mut lst = InputKeyMaterialList::new(); let _ = lst.add_ikm(); diff --git a/src/storage.rs b/src/storage.rs index 10f1c43..e2f21bb 100644 --- a/src/storage.rs +++ b/src/storage.rs @@ -106,11 +106,197 @@ pub(crate) fn decode_cipher(data: &str) -> Result<(IkmId, EncryptedData, Option< } #[cfg(test)] -mod tests { +mod ikm_lst { + use crate::InputKeyMaterialList; + + const TEST_STR: &str = "BgAAAA:AQAAAAEAAACUAPcqngJ46_HMtJSdIw-WeUtImcCVxOA47n6UIN5K2TbmoVwAAAAANmuEXgAAAAAB:AgAAAAEAAADf7CR8vl_aWOUyfsO0ek0YQr_Yi7L_sJmF2nIt_XOaCzYNal4AAAAAtkBLYAAAAAAA:AwAAAAEAAAAMoNIW9gIGkzegUDEsU3N1Rf_Zz0OMuylUSiQjUzLXqzY0MmAAAAAANsk0iwEAAAAA:BAAAAAEAAABbwRrMz3x3DkfOEFg1BHfLLRHoNqg6d_xGWwdh48hH8rZm9mEAAAAANjy9YwAAAAAA:BQAAAAEAAAA2LwnTgDUF7qn7dy79VA24JSSgo6vllAtU5zmhrxNJu7YIz4sBAAAANoUMjgEAAAAB:BgAAAAEAAAAn0Vqe2f9YRXBt6xVYaeSLs0Gf0S0_5B-hk-a2b0rhlraCJbwAAAAAtlErjAEAAAAA"; + const TEST_CTN_0: &[u8] = &[ + 0x94, 0x00, 0xf7, 0x2a, 0x9e, 0x02, 0x78, 0xeb, 0xf1, 0xcc, 0xb4, 0x94, 0x9d, 0x23, 0x0f, + 0x96, 0x79, 0x4b, 0x48, 0x99, 0xc0, 0x95, 0xc4, 0xe0, 0x38, 0xee, 0x7e, 0x94, 0x20, 0xde, + 0x4a, 0xd9, + ]; + const TEST_CTN_1: &[u8] = &[ + 0xdf, 0xec, 0x24, 0x7c, 0xbe, 0x5f, 0xda, 0x58, 0xe5, 0x32, 0x7e, 0xc3, 0xb4, 0x7a, 0x4d, + 0x18, 0x42, 0xbf, 0xd8, 0x8b, 0xb2, 0xff, 0xb0, 0x99, 0x85, 0xda, 0x72, 0x2d, 0xfd, 0x73, + 0x9a, 0x0b, + ]; + const TEST_CTN_2: &[u8] = &[ + 0x0c, 0xa0, 0xd2, 0x16, 0xf6, 0x02, 0x06, 0x93, 0x37, 0xa0, 0x50, 0x31, 0x2c, 0x53, 0x73, + 0x75, 0x45, 0xff, 0xd9, 0xcf, 0x43, 0x8c, 0xbb, 0x29, 0x54, 0x4a, 0x24, 0x23, 0x53, 0x32, + 0xd7, 0xab, + ]; + const TEST_CTN_3: &[u8] = &[ + 0x5b, 0xc1, 0x1a, 0xcc, 0xcf, 0x7c, 0x77, 0x0e, 0x47, 0xce, 0x10, 0x58, 0x35, 0x04, 0x77, + 0xcb, 0x2d, 0x11, 0xe8, 0x36, 0xa8, 0x3a, 0x77, 0xfc, 0x46, 0x5b, 0x07, 0x61, 0xe3, 0xc8, + 0x47, 0xf2, + ]; + const TEST_CTN_4: &[u8] = &[ + 0x36, 0x2f, 0x09, 0xd3, 0x80, 0x35, 0x05, 0xee, 0xa9, 0xfb, 0x77, 0x2e, 0xfd, 0x54, 0x0d, + 0xb8, 0x25, 0x24, 0xa0, 0xa3, 0xab, 0xe5, 0x94, 0x0b, 0x54, 0xe7, 0x39, 0xa1, 0xaf, 0x13, + 0x49, 0xbb, + ]; + const TEST_CTN_5: &[u8] = &[ + 0x27, 0xd1, 0x5a, 0x9e, 0xd9, 0xff, 0x58, 0x45, 0x70, 0x6d, 0xeb, 0x15, 0x58, 0x69, 0xe4, + 0x8b, 0xb3, 0x41, 0x9f, 0xd1, 0x2d, 0x3f, 0xe4, 0x1f, 0xa1, 0x93, 0xe6, 0xb6, 0x6f, 0x4a, + 0xe1, 0x96, + ]; + + macro_rules! as_ts { + ($systime: expr) => { + $systime + .duration_since(std::time::SystemTime::UNIX_EPOCH) + .unwrap() + .as_secs() + }; + } + + #[test] + fn encode() { + use std::time::{Duration, SystemTime}; + let bytes_to_system_time = |ts: u64| { + SystemTime::UNIX_EPOCH + .checked_add(Duration::from_secs(ts)) + .unwrap() + }; + let mut lst = InputKeyMaterialList::new(); + let _ = lst.add_ikm(); + lst.ikm_lst[0].content = TEST_CTN_0.to_vec(); + lst.ikm_lst[0].created_at = bytes_to_system_time(1554114102); + lst.ikm_lst[0].expire_at = bytes_to_system_time(1585736502); + lst.ikm_lst[0].is_revoked = true; + let _ = lst.add_ikm(); + lst.ikm_lst[1].content = TEST_CTN_1.to_vec(); + lst.ikm_lst[1].created_at = bytes_to_system_time(1584008502); + lst.ikm_lst[1].expire_at = bytes_to_system_time(1615544502); + let _ = lst.add_ikm(); + lst.ikm_lst[2].content = TEST_CTN_2.to_vec(); + lst.ikm_lst[2].created_at = bytes_to_system_time(1613902902); + lst.ikm_lst[2].expire_at = bytes_to_system_time(6630459702); + let _ = lst.add_ikm(); + lst.ikm_lst[3].content = TEST_CTN_3.to_vec(); + lst.ikm_lst[3].created_at = bytes_to_system_time(1643538102); + lst.ikm_lst[3].expire_at = bytes_to_system_time(1673346102); + let _ = lst.add_ikm(); + lst.ikm_lst[4].content = TEST_CTN_4.to_vec(); + lst.ikm_lst[4].created_at = bytes_to_system_time(6640568502); + lst.ikm_lst[4].expire_at = bytes_to_system_time(6678152502); + lst.ikm_lst[4].is_revoked = true; + let _ = lst.add_ikm(); + lst.ikm_lst[5].content = TEST_CTN_5.to_vec(); + lst.ikm_lst[5].created_at = bytes_to_system_time(3156574902); + lst.ikm_lst[5].expire_at = bytes_to_system_time(6646616502); + + let s = super::encode_ikm_list(&lst).unwrap(); + assert_eq!(s, TEST_STR); + } + + #[test] + fn decode() { + let res = super::decode_ikm_list(TEST_STR); + assert!(res.is_ok(), "res: {res:?}"); + let lst = res.unwrap(); + assert_eq!(lst.id_counter, 6); + assert_eq!(lst.ikm_lst[0].id, 1); + assert_eq!(lst.ikm_lst[0].content, TEST_CTN_0); + assert_eq!(as_ts!(lst.ikm_lst[0].created_at), 1554114102); + assert_eq!(as_ts!(lst.ikm_lst[0].expire_at), 1585736502); + assert_eq!(lst.ikm_lst[0].is_revoked, true); + assert_eq!(lst.ikm_lst[1].id, 2); + assert_eq!(lst.ikm_lst[1].content, TEST_CTN_1); + assert_eq!(as_ts!(lst.ikm_lst[1].created_at), 1584008502); + assert_eq!(as_ts!(lst.ikm_lst[1].expire_at), 1615544502); + assert_eq!(lst.ikm_lst[1].is_revoked, false); + assert_eq!(lst.ikm_lst[2].id, 3); + assert_eq!(lst.ikm_lst[2].content, TEST_CTN_2); + assert_eq!(as_ts!(lst.ikm_lst[2].created_at), 1613902902); + assert_eq!(as_ts!(lst.ikm_lst[2].expire_at), 6630459702); + assert_eq!(lst.ikm_lst[2].is_revoked, false); + assert_eq!(lst.ikm_lst[3].id, 4); + assert_eq!(lst.ikm_lst[3].content, TEST_CTN_3); + assert_eq!(as_ts!(lst.ikm_lst[3].created_at), 1643538102); + assert_eq!(as_ts!(lst.ikm_lst[3].expire_at), 1673346102); + assert_eq!(lst.ikm_lst[3].is_revoked, false); + assert_eq!(lst.ikm_lst[4].id, 5); + assert_eq!(lst.ikm_lst[4].content, TEST_CTN_4); + assert_eq!(as_ts!(lst.ikm_lst[4].created_at), 6640568502); + assert_eq!(as_ts!(lst.ikm_lst[4].expire_at), 6678152502); + assert_eq!(lst.ikm_lst[4].is_revoked, true); + assert_eq!(lst.ikm_lst[5].id, 6); + assert_eq!(lst.ikm_lst[5].content, TEST_CTN_5); + assert_eq!(as_ts!(lst.ikm_lst[5].created_at), 3156574902); + assert_eq!(as_ts!(lst.ikm_lst[5].expire_at), 6646616502); + assert_eq!(lst.ikm_lst[5].is_revoked, false); + } + + #[test] + fn encode_decode() { + let mut lst = InputKeyMaterialList::new(); + let _ = lst.add_ikm(); + let _ = lst.add_ikm(); + let _ = lst.add_ikm(); + + let res = super::encode_ikm_list(&lst); + assert!(res.is_ok(), "res: {res:?}"); + let s = res.unwrap(); + assert!(s.starts_with("AwAAAA:")); + assert_eq!(s.len(), 237); + + let res = super::decode_ikm_list(&s); + assert!(res.is_ok(), "res: {res:?}"); + let lst2 = res.unwrap(); + assert_eq!(lst.id_counter, lst2.id_counter); + for i in 0..3 { + assert_eq!(lst.ikm_lst[i].id, lst2.ikm_lst[i].id); + assert_eq!(lst.ikm_lst[i].scheme, lst2.ikm_lst[i].scheme); + assert_eq!(lst.ikm_lst[i].content, lst2.ikm_lst[i].content); + assert_eq!( + as_ts!(lst.ikm_lst[i].created_at), + as_ts!(lst2.ikm_lst[i].created_at) + ); + assert_eq!( + as_ts!(lst.ikm_lst[i].expire_at), + as_ts!(lst2.ikm_lst[i].expire_at) + ); + assert_eq!(lst.ikm_lst[i].is_revoked, lst2.ikm_lst[i].is_revoked); + } + } + + #[test] + fn decode_invalid() { + let tests = &[ + ("", "empty ikm"), + ( + "AAAA:AQAAAAEAAACUAPcqngJ46_HMtJSdIw-WeUtImcCVxOA47n6UIN5K2TbmoVwAAAAANmuEXgAAAAAB", + "invalid id", + ), + ( + ":AQAAAAEAAACUAPcqngJ46_HMtJSdIw-WeUtImcCVxOA47n6UIN5K2TbmoVwAAAAANmuEXgAAAAAB", + "empty id", + ), + ( + "AQAAAAEAAACUAPcqngJ46_HMtJSdIw-WeUtImcCVxOA47n6UIN5K2TbmoVwAAAAANmuEXgAAAAAB", + "no id", + ), + ( + "BgAAAA:AQAAAAEAAACUAPcqngJ46_HMtJSdIw-WeUtImcCVxOA47", + "invalid ikm", + ), + ("BgAAAA:", "empty ikm"), + ]; + for (s, error_str) in tests { + let res = super::decode_ikm_list(s); + assert!(res.is_err(), "failed error detection: {error_str}"); + } + } +} + +#[cfg(test)] +mod ciphers { use crate::ikm::IkmId; use crate::storage::EncryptedData; const TEST_STR: &str = "KgAAAA:a5SpjAoqhvuI9n3GPhDKuotqoLbf7_Fb:TI24Wr_g-ZV7_X1oHqVKak9iRlQSneYVOMWB-3Lp-hFHKfxfnY-zR_bN"; + const TEST_STR_T: &str = "KgAAAA:a5SpjAoqhvuI9n3GPhDKuotqoLbf7_Fb:TI24Wr_g-ZV7_X1oHqVKak9iRlQSneYVOMWB-3Lp-hFHKfxfnY-zR_bN:NaAAAAAAAAA"; const TEST_IKM_ID: IkmId = 42; const TEST_NONCE: &'static [u8] = &[ 0x6b, 0x94, 0xa9, 0x8c, 0x0a, 0x2a, 0x86, 0xfb, 0x88, 0xf6, 0x7d, 0xc6, 0x3e, 0x10, 0xca, @@ -123,7 +309,7 @@ mod tests { ]; #[test] - fn encode_cipher() { + fn encode() { let data = EncryptedData { nonce: TEST_NONCE.into(), ciphertext: TEST_CIPHERTEXT.into(), @@ -133,7 +319,7 @@ mod tests { } #[test] - fn decode_cipher() { + fn decode() { let res = super::decode_cipher(TEST_STR); assert!(res.is_ok(), "res: {res:?}"); let (id, data, tp) = res.unwrap(); @@ -141,10 +327,18 @@ mod tests { assert_eq!(data.nonce, TEST_NONCE); assert_eq!(data.ciphertext, TEST_CIPHERTEXT); assert_eq!(tp, None); + + let res = super::decode_cipher(TEST_STR_T); + assert!(res.is_ok(), "res: {res:?}"); + let (id, data, tp) = res.unwrap(); + assert_eq!(id, TEST_IKM_ID); + assert_eq!(data.nonce, TEST_NONCE); + assert_eq!(data.ciphertext, TEST_CIPHERTEXT); + assert_eq!(tp, Some(41013)); } #[test] - fn encode_decode_cipher() { + fn encode_decode() { let data = EncryptedData { nonce: TEST_NONCE.into(), ciphertext: TEST_CIPHERTEXT.into(), @@ -158,18 +352,14 @@ mod tests { } #[test] - fn decode_encode_cipher() { + fn decode_encode() { let (id, data, tp) = super::decode_cipher(TEST_STR).unwrap(); let s = super::encode_cipher(id, &data, tp); assert_eq!(&s, TEST_STR); } #[test] - fn decode_invalid_cipher() { - let valid_tests = &[ - "KgAAAA:a5SpjAoqhvuI9n3GPhDKuotqoLbf7_Fb:TI24Wr_g-ZV7_X1oHqVKak9iRlQSneYVOMWB-3Lp-hFHKfxfnY-zR_bN", - "KgAAAA:a5SpjAoqhvuI9n3GPhDKuotqoLbf7_Fb:TI24Wr_g-ZV7_X1oHqVKak9iRlQSneYVOMWB-3Lp-hFHKfxfnY-zR_bN:NaAAAAAAAAA", - ]; + fn decode_invalid() { let invalid_tests = &[ // Missing parts ("", "empty data 1"), @@ -197,10 +387,6 @@ mod tests { ("KgAAAA:a5SpjAoqhvuI9n3GPhDKuotqoLbf7_Fb:TI24Wr_g-ZV7_X1oHqVKak9iRlQSneYVOMWB-3Lp-hFHKfxfnY-zR", "invalid ciphertext data length"), ("KgAAAA:a5SpjAoqhvuI9n3GPhDKuotqoLbf7_Fb:TI24Wr_g-ZV7_X1oHqVKak9iRlQSneYVOMWB-3Lp-hFHKfxfnY-zR_bN:AQAAAA", "invalid time period length"), ]; - for ciphertext in valid_tests { - let res = super::decode_cipher(ciphertext); - assert!(res.is_ok(), "invalid reference ciphertext"); - } for (ciphertext, error_str) in invalid_tests { let res = super::decode_cipher(ciphertext); assert!(res.is_err(), "failed error detection: {error_str}");