lnd/lnencrypt/crypto_test.go

package lnencrypt

import (
	"bytes"
	"testing"

	"github.com/stretchr/testify/require"
)

// TestEncryptDecryptPayload tests that given a static key, we're able to
// properly decrypt and encrypted payload. We also test that we'll reject a
// ciphertext that has been modified.
func TestEncryptDecryptPayload(t *testing.T) {
	t.Parallel()

	payloadCases := []struct {
		// plaintext is the string that we'll be encrypting.
		plaintext []byte

		// mutator allows a test case to modify the ciphertext before
		// we attempt to decrypt it.
		mutator func(*[]byte)

		// valid indicates if this test should pass or fail.
		valid bool
	}{
		// Proper payload, should decrypt.
		{
			plaintext: []byte("payload test plain text"),
			mutator:   nil,
			valid:     true,
		},

		// Mutator modifies cipher text, shouldn't decrypt.
		{
			plaintext: []byte("payload test plain text"),
			mutator: func(p *[]byte) {
				// Flip a byte in the payload to render it invalid.
				(*p)[0] ^= 1
			},
			valid: false,
		},

		// Cipher text is too small, shouldn't decrypt.
		{
			plaintext: []byte("payload test plain text"),
			mutator: func(p *[]byte) {
				// Modify the cipher text to be zero length.
				*p = []byte{}
			},
			valid: false,
		},
	}

	keyRing := &MockKeyRing{}

	for i, payloadCase := range payloadCases {
		var cipherBuffer bytes.Buffer
		encrypter, err := KeyRingEncrypter(keyRing)
		require.NoError(t, err)

		// First, we'll encrypt the passed payload with our scheme.
		err = encrypter.EncryptPayloadToWriter(
			payloadCase.plaintext, &cipherBuffer,
		)
		if err != nil {
			t.Fatalf("unable encrypt paylaod: %v", err)
		}

		// If we have a mutator, then we'll wrong the mutator over the
		// cipher text, then reset the main buffer and re-write the new
		// cipher text.
		if payloadCase.mutator != nil {
			cipherText := cipherBuffer.Bytes()

			payloadCase.mutator(&cipherText)

			cipherBuffer.Reset()
			cipherBuffer.Write(cipherText)
		}

		plaintext, err := encrypter.DecryptPayloadFromReader(
			&cipherBuffer,
		)

		switch {
		// If this was meant to be a valid decryption, but we failed,
		// then we'll return an error.
		case err != nil && payloadCase.valid:
			t.Fatalf("unable to decrypt valid payload case %v", i)

		// If this was meant to be an invalid decryption, and we didn't
		// fail, then we'll return an error.
		case err == nil && !payloadCase.valid:
			t.Fatalf("payload was invalid yet was able to decrypt")
		}

		// Only if this case was mean to be valid will we ensure the
		// resulting decrypted plaintext matches the original input.
		if payloadCase.valid &&
			!bytes.Equal(plaintext, payloadCase.plaintext) {
			t.Fatalf("#%v: expected %v, got %v: ", i,
				payloadCase.plaintext, plaintext)
		}
	}
}

// TestInvalidKeyGeneration tests that key generation fails when deriving the
// key fails.
func TestInvalidKeyGeneration(t *testing.T) {
	t.Parallel()

	_, err := KeyRingEncrypter(&MockKeyRing{true})
	if err == nil {
		t.Fatal("expected error due to fail key gen")
	}
}
lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`package lnencrypt`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00
			`import (`
			`"bytes"`
			`"testing"`

lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`"github.com/stretchr/testify/require"`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00			`)`

			`// TestEncryptDecryptPayload tests that given a static key, we're able to`
			`// properly decrypt and encrypted payload. We also test that we'll reject a`
			`// ciphertext that has been modified.`
			`func TestEncryptDecryptPayload(t *testing.T) {`
			`t.Parallel()`

			`payloadCases := []struct {`
			`// plaintext is the string that we'll be encrypting.`
			`plaintext []byte`

			`// mutator allows a test case to modify the ciphertext before`
			`// we attempt to decrypt it.`
			`mutator func(*[]byte)`

			`// valid indicates if this test should pass or fail.`
			`valid bool`
			`}{`
			`// Proper payload, should decrypt.`
			`{`
			`plaintext: []byte("payload test plain text"),`
			`mutator: nil,`
			`valid: true,`
			`},`

			`// Mutator modifies cipher text, shouldn't decrypt.`
			`{`
			`plaintext: []byte("payload test plain text"),`
			`mutator: func(p *[]byte) {`
			`// Flip a byte in the payload to render it invalid.`
			`(*p)[0] ^= 1`
			`},`
			`valid: false,`
			`},`

			`// Cipher text is too small, shouldn't decrypt.`
			`{`
			`plaintext: []byte("payload test plain text"),`
			`mutator: func(p *[]byte) {`
			`// Modify the cipher text to be zero length.`
			`*p = []byte{}`
			`},`
			`valid: false,`
			`},`
			`}`

lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`keyRing := &MockKeyRing{}`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00
			`for i, payloadCase := range payloadCases {`
			`var cipherBuffer bytes.Buffer`
lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`encrypter, err := KeyRingEncrypter(keyRing)`
			`require.NoError(t, err)`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00
			`// First, we'll encrypt the passed payload with our scheme.`
lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`err = encrypter.EncryptPayloadToWriter(`
			`payloadCase.plaintext, &cipherBuffer,`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00			`)`
			`if err != nil {`
			`t.Fatalf("unable encrypt paylaod: %v", err)`
			`}`

			`// If we have a mutator, then we'll wrong the mutator over the`
			`// cipher text, then reset the main buffer and re-write the new`
			`// cipher text.`
			`if payloadCase.mutator != nil {`
			`cipherText := cipherBuffer.Bytes()`

			`payloadCase.mutator(&cipherText)`

			`cipherBuffer.Reset()`
			`cipherBuffer.Write(cipherText)`
			`}`

lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`plaintext, err := encrypter.DecryptPayloadFromReader(`
			`&cipherBuffer,`
			`)`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00
			`switch {`
			`// If this was meant to be a valid decryption, but we failed,`
			`// then we'll return an error.`
			`case err != nil && payloadCase.valid:`
			`t.Fatalf("unable to decrypt valid payload case %v", i)`

			`// If this was meant to be an invalid decryption, and we didn't`
			`// fail, then we'll return an error.`
			`case err == nil && !payloadCase.valid:`
			`t.Fatalf("payload was invalid yet was able to decrypt")`
			`}`

			`// Only if this case was mean to be valid will we ensure the`
			`// resulting decrypted plaintext matches the original input.`
			`if payloadCase.valid &&`
			`!bytes.Equal(plaintext, payloadCase.plaintext) {`
			`t.Fatalf("#%v: expected %v, got %v: ", i,`
			`payloadCase.plaintext, plaintext)`
			`}`
			`}`
			`}`

lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`// TestInvalidKeyGeneration tests that key generation fails when deriving the`
			`// key fails.`
			`func TestInvalidKeyGeneration(t *testing.T) {`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00			`t.Parallel()`

lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`_, err := KeyRingEncrypter(&MockKeyRing{true})`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00			`if err == nil {`
lnencrypt: Moves the crypto functions in the chanbackup package into its own package called lnencrypt The functions inside of the crypto.go file in chanbackup (like EncryptPayloadToWriter and DecryptPayloadFromReader) can be used by a lot of things outside of just the chanbackup package. We can't just reference them directly from the chanbackup package because it's likely that it would generate circular dependencies. Therefore we need to move these functions into their own package to be referenced by chanbackup and whatever new functionality that needs them 2020-07-12 05:29:00 +02:00			`t.Fatal("expected error due to fail key gen")`
chanbackup: implement crypto operations for serialized static channel baackups In this commit, we implement a series of new crypto operations that will allow us to encrypt and decrypt a set of serialized channel backups. Their various backups may have distinct encodings when serialized, but to the functions defined in this file, we treat them as simple opaque blobs. For encryption, we utilize chacha20poly1305 with a random 24 byte nonce. We use a larger nonce size as this can be safely generated via a CSPRNG without fear of frequency collisions between nonces generated. To encrypt a blob, we then use this nonce as the AD (associated data) and prepend the nonce to the front of the ciphertext package. For key generation, in order to ensure the user only needs their passphrase and the backup file, we utilize the existing keychain to derive a private key. In order to ensure that at we don't force any hardware signer to be aware of our crypto operations, we instead opt to utilize a public key that will be hashed to derive our private key. The assumption here is that this key will only be exposed to this software, and never derived as a public facing address. 2018-12-10 03:39:31 +01:00			`}`
			`}`