package macaroon
import (
"crypto/rand"
"fmt"
"golang.org/x/crypto/nacl/secretbox"
gc "gopkg.in/check.v1"
)
type cryptoSuite struct{}
var _ = gc.Suite(&cryptoSuite{})
var testCryptKey = &[hashLen]byte{'k', 'e', 'y'}
var testCryptText = &[hashLen]byte{'t', 'e', 'x', 't'}
func (*cryptoSuite) TestEncDec(c *gc.C) {
b, err := encrypt(testCryptKey, testCryptText, rand.Reader)
c.Assert(err, gc.IsNil)
t, err := decrypt(testCryptKey, b)
c.Assert(err, gc.IsNil)
c.Assert(string(t[:]), gc.Equals, string(testCryptText[:]))
}
func (*cryptoSuite) TestUniqueNonces(c *gc.C) {
nonces := make(map[string]struct{})
for i := 0; i < 100; i++ {
nonce, err := newNonce(rand.Reader)
c.Assert(err, gc.IsNil)
nonces[string(nonce[:])] = struct{}{}
}
c.Assert(nonces, gc.HasLen, 100, gc.Commentf("duplicate nonce detected"))
}
type ErrorReader struct{}
func (*ErrorReader) Read([]byte) (int, error) {
return 0, fmt.Errorf("fail")
}
func (*cryptoSuite) TestBadRandom(c *gc.C) {
_, err := newNonce(&ErrorReader{})
c.Assert(err, gc.ErrorMatches, "^cannot generate random bytes:.*")
_, err = encrypt(testCryptKey, testCryptText, &ErrorReader{})
c.Assert(err, gc.ErrorMatches, "^cannot generate random bytes:.*")
}
func (*cryptoSuite) TestBadCiphertext(c *gc.C) {
buf := randomBytes(nonceLen + secretbox.Overhead)
for i := range buf {
_, err := decrypt(testCryptKey, buf[0:i])
c.Assert(err, gc.ErrorMatches, "message too short")
}
_, err := decrypt(testCryptKey, buf)
c.Assert(err, gc.ErrorMatches, "decryption failure")
}
func randomBytes(n int) []byte {
buf := make([]byte, n)
if _, err := rand.Reader.Read(buf); err != nil {
panic(err)
}
return buf
}