File: enclave_test.go

golang-github-awnumar-memguard 0.22.5-2
package core

import (
	"bytes"
	"testing"
)

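// TestNewEnclave checks that NewEnclave seals a plaintext slice, wipes the
// caller's copy of that plaintext, and rejects empty input with
// ErrNullEnclave.
func TestNewEnclave(t *testing.T) {
	// Initialise some sample plaintext.
	data := []byte("yellow submarine")

	// Create the Enclave object from this data. A failure here is fatal:
	// the checks below read e.ciphertext and would panic on a nil enclave
	// instead of reporting the real error.
	e, err := NewEnclave(data)
	if err != nil {
		t.Fatal(err)
	}

	// Check that the source buffer has been wiped, so that the plaintext
	// does not linger in the caller's memory after sealing. The expected
	// value is derived from len(data) rather than a hard-coded 16.
	if !bytes.Equal(data, make([]byte, len(data))) {
		t.Error("data buffer was not wiped")
	}

	// Verify the length of the ciphertext is correct.
	if len(e.ciphertext) != len(data)+Overhead {
		t.Error("ciphertext has unexpected length;", len(e.ciphertext))
	}

	// Attempt with an empty data slice.
	data = make([]byte, 0)
	_, err = NewEnclave(data)
	if err != ErrNullEnclave {
		t.Error("expected ErrNullEnclave; got", err)
	}
}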

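// TestSeal checks that Seal encrypts a buffer into an Enclave, consumes the
// source buffer, round-trips through Open, and refuses a buffer that has
// already been consumed.
func TestSeal(t *testing.T) {
	// Create a new buffer for testing with. Setup failures are fatal so
	// that later checks never dereference a nil buffer or enclave.
	b, err := NewBuffer(32)
	if err != nil {
		t.Fatal(err)
	}

	// Encrypt it into an Enclave.
	e, err := Seal(b)
	if err != nil {
		t.Fatal(err)
	}

	// Do a sanity check on the length of the ciphertext.
	if len(e.ciphertext) != 32+Overhead {
		t.Error("ciphertext has unexpected length:", len(e.ciphertext))
	}

	// Check that the buffer was destroyed: the plaintext copy must not
	// stay alive once it has been sealed.
	if b.alive {
		t.Error("buffer was not consumed")
	}

	// Decrypt the enclave into a new buffer.
	buf, err := Open(e)
	if err != nil {
		t.Fatal(err)
	}
	// Destroy the decrypted buffer on every exit path.
	defer buf.Destroy()

	// Check that the decrypted data is correct.
	if !bytes.Equal(buf.Data(), make([]byte, 32)) {
		t.Error("decrypted data does not match original")
	}

	// Attempt sealing the destroyed buffer.
	e, err = Seal(b)
	if err != ErrBufferExpired {
		t.Error("expected ErrBufferExpired; got", err)
	}
	if e != nil {
		t.Error("expected nil enclave in error case")
	}
}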

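// TestOpen checks that Open recovers the sealed plaintext and that a
// modified ciphertext is rejected with ErrDecryptionFailed and no buffer.
func TestOpen(t *testing.T) {
	// Initialise an enclave to test on. Setup failures are fatal so that
	// later checks never dereference a nil enclave or buffer.
	data := []byte("yellow submarine")
	e, err := NewEnclave(data)
	if err != nil {
		t.Fatal(err)
	}

	// Open it.
	buf, err := Open(e)
	if err != nil {
		t.Fatal(err)
	}

	// Sanity check the output.
	if !bytes.Equal(buf.Data(), []byte("yellow submarine")) {
		t.Error("decrypted data does not match original")
	}
	buf.Destroy()

	// Change a single bit of the ciphertext. Integrity protection has to
	// catch the smallest possible modification, not only a full overwrite.
	e.ciphertext[len(e.ciphertext)-1] ^= 0x01
	buf, err = Open(e)
	if err != ErrDecryptionFailed {
		t.Error("expected decryption error after single-bit change; got", err)
	}
	if buf != nil {
		t.Error("expected nil buffer after single-bit change")
		// Do not leave an unexpected plaintext buffer alive.
		buf.Destroy()
	}

	// Overwrite the whole ciphertext to trigger the error case again.
	for i := range e.ciphertext {
		e.ciphertext[i] = 0xdb
	}

	// Check for the error.
	buf, err = Open(e)
	if err != ErrDecryptionFailed {
		t.Error("expected decryption error; got", err)
	}
	if buf != nil {
		t.Error("expected nil buffer in error case")
	}
}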

// TestEnclaveSize checks that EnclaveSize reports the ciphertext length
// minus Overhead.
func TestEnclaveSize(t *testing.T) {
	const ciphertextLen = 1234

	sealed := &Enclave{ciphertext: make([]byte, ciphertextLen)}
	want := ciphertextLen - Overhead

	if got := EnclaveSize(sealed); got != want {
		t.Error("invalid enclave size")
	}
}