mirror of
https://github.com/sonr-io/crypto.git
synced 2026-01-11 20:08:57 +00:00
308 lines
8.6 KiB
Go
308 lines
8.6 KiB
Go
package mpc
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/hex"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestEnclaveData_GetData(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the data
|
|
data := enclave.GetData()
|
|
require.NotNil(t, data)
|
|
|
|
// Ensure the data is the same instance
|
|
assert.Equal(t, enclave, data.GetEnclave())
|
|
|
|
// Ensure the data is valid
|
|
assert.True(t, data.IsValid())
|
|
}
|
|
|
|
func TestEnclaveData_GetEnclave(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the enclave data
|
|
data := enclave.GetData()
|
|
require.NotNil(t, data)
|
|
|
|
// Get the enclave back
|
|
returnedEnclave := data.GetEnclave()
|
|
require.NotNil(t, returnedEnclave)
|
|
|
|
// Verify the returned enclave is the same
|
|
assert.Equal(t, enclave, returnedEnclave)
|
|
}
|
|
|
|
func TestEnclaveData_GetPubPoint(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the enclave data
|
|
data := enclave.GetData()
|
|
require.NotNil(t, data)
|
|
|
|
// Get the public point
|
|
pubPoint, err := data.GetPubPoint()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, pubPoint)
|
|
|
|
// Verify the public point's serialization matches the stored public bytes
|
|
pointBytes := pubPoint.ToAffineUncompressed()
|
|
assert.Equal(t, data.PubBytes, pointBytes)
|
|
}
|
|
|
|
func TestEnclaveData_PubKeyHex(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the enclave data
|
|
data := enclave.GetData()
|
|
require.NotNil(t, data)
|
|
|
|
// Get the public key hex
|
|
pubKeyHex := data.PubKeyHex()
|
|
require.NotEmpty(t, pubKeyHex)
|
|
|
|
// Verify it's a valid hex string
|
|
_, err = hex.DecodeString(pubKeyHex)
|
|
require.NoError(t, err)
|
|
|
|
// Verify it matches the stored PubHex
|
|
assert.Equal(t, data.PubHex, pubKeyHex)
|
|
}
|
|
|
|
func TestEnclaveData_PubKeyBytes(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the enclave data
|
|
data := enclave.GetData()
|
|
require.NotNil(t, data)
|
|
|
|
// Get the public key bytes
|
|
pubKeyBytes := data.PubKeyBytes()
|
|
require.NotEmpty(t, pubKeyBytes)
|
|
|
|
// Verify it matches the stored PubBytes
|
|
assert.Equal(t, data.PubBytes, pubKeyBytes)
|
|
}
|
|
|
|
func TestEnclaveData_EncryptDecrypt(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the enclave data
|
|
data := enclave.GetData()
|
|
require.NotNil(t, data)
|
|
|
|
// Test key for encryption/decryption
|
|
testKey := []byte("test-key-12345678-test-key-123456")
|
|
|
|
// Test encryption
|
|
encrypted, err := data.Encrypt(testKey)
|
|
require.NoError(t, err)
|
|
require.NotEmpty(t, encrypted)
|
|
|
|
// Test decryption
|
|
decrypted, err := data.Decrypt(testKey, encrypted)
|
|
require.NoError(t, err)
|
|
require.NotEmpty(t, decrypted)
|
|
|
|
// Serialize the original data for comparison
|
|
originalData, err := data.Marshal()
|
|
require.NoError(t, err)
|
|
|
|
// Verify the decrypted data matches the original
|
|
assert.Equal(t, originalData, decrypted)
|
|
|
|
// Test decryption with wrong key (should fail)
|
|
wrongKey := []byte("wrong-key-12345678-wrong-key-123456")
|
|
_, err = data.Decrypt(wrongKey, encrypted)
|
|
assert.Error(t, err, "Decryption with wrong key should fail")
|
|
}
|
|
|
|
func TestEnclaveData_IsValid(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the enclave data
|
|
data := enclave.GetData()
|
|
require.NotNil(t, data)
|
|
|
|
// Verify it's valid
|
|
assert.True(t, data.IsValid())
|
|
|
|
// Create an invalid enclave
|
|
invalidEnclave := &EnclaveData{
|
|
PubHex: "invalid",
|
|
PubBytes: []byte("invalid"),
|
|
Nonce: []byte("nonce"),
|
|
Curve: K256Name,
|
|
}
|
|
|
|
// Verify it's invalid
|
|
assert.False(t, invalidEnclave.IsValid())
|
|
}
|
|
|
|
func TestEnclaveData_RefreshAndSign(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the original public key
|
|
originalPubKeyHex := enclave.PubKeyHex()
|
|
originalPubKeyBytes := enclave.PubKeyBytes()
|
|
require.NotEmpty(t, originalPubKeyHex)
|
|
require.NotEmpty(t, originalPubKeyBytes)
|
|
|
|
// Sign a message with the original enclave to verify it works
|
|
testMessage := []byte("test message before refresh")
|
|
originalSignature, err := enclave.Sign(testMessage)
|
|
require.NoError(t, err)
|
|
require.NotEmpty(t, originalSignature)
|
|
|
|
// Verify the original signature
|
|
valid, err := enclave.Verify(testMessage, originalSignature)
|
|
require.NoError(t, err)
|
|
assert.True(t, valid, "Original signature should be valid")
|
|
|
|
// Refresh the enclave
|
|
refreshedEnclave, err := enclave.Refresh()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, refreshedEnclave)
|
|
|
|
// CRITICAL TEST: The public key should remain the same after refresh
|
|
refreshedPubKeyHex := refreshedEnclave.PubKeyHex()
|
|
refreshedPubKeyBytes := refreshedEnclave.PubKeyBytes()
|
|
|
|
assert.Equal(t, originalPubKeyHex, refreshedPubKeyHex,
|
|
"Public key hex should not change after refresh")
|
|
assert.Equal(t, originalPubKeyBytes, refreshedPubKeyBytes,
|
|
"Public key bytes should not change after refresh")
|
|
|
|
// Verify the refreshed enclave is valid
|
|
assert.True(t, refreshedEnclave.IsValid(), "Refreshed enclave should be valid")
|
|
|
|
// Test that the refreshed enclave can still sign messages
|
|
testMessage2 := []byte("test message after refresh")
|
|
refreshedSignature, err := refreshedEnclave.Sign(testMessage2)
|
|
require.NoError(t, err)
|
|
require.NotEmpty(t, refreshedSignature)
|
|
|
|
// Verify the signature from the refreshed enclave with its own key
|
|
valid, err = refreshedEnclave.Verify(testMessage2, refreshedSignature)
|
|
require.NoError(t, err)
|
|
assert.True(t, valid, "Signature from refreshed enclave should be valid")
|
|
|
|
// CRITICAL TEST: The original enclave should be able to verify the signature
|
|
// from the refreshed enclave since they have the same public key
|
|
valid, err = enclave.Verify(testMessage2, refreshedSignature)
|
|
require.NoError(t, err)
|
|
assert.True(t, valid, "Original enclave should be able to verify refreshed enclave's signature")
|
|
|
|
// CRITICAL TEST: The refreshed enclave should be able to verify the signature
|
|
// from the original enclave since they have the same public key
|
|
valid, err = refreshedEnclave.Verify(testMessage, originalSignature)
|
|
require.NoError(t, err)
|
|
assert.True(t, valid, "Refreshed enclave should be able to verify original enclave's signature")
|
|
|
|
// Test with wrong message (should fail)
|
|
wrongMessage := []byte("wrong message")
|
|
valid, err = refreshedEnclave.Verify(wrongMessage, refreshedSignature)
|
|
require.NoError(t, err)
|
|
assert.False(t, valid, "Wrong message verification should fail")
|
|
}
|
|
|
|
func TestEnclaveData_MarshalUnmarshal(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Get the enclave data
|
|
data := enclave.GetData()
|
|
require.NotNil(t, data)
|
|
|
|
// Marshal the enclave
|
|
encoded, err := data.Marshal()
|
|
require.NoError(t, err)
|
|
require.NotEmpty(t, encoded)
|
|
|
|
// Create a new empty enclave
|
|
newEnclave := &EnclaveData{}
|
|
|
|
// Unmarshal the encoded data
|
|
err = newEnclave.Unmarshal(encoded)
|
|
require.NoError(t, err)
|
|
|
|
// Verify the unmarshaled enclave matches the original
|
|
assert.Equal(t, data.PubHex, newEnclave.PubHex)
|
|
assert.Equal(t, data.Curve, newEnclave.Curve)
|
|
assert.True(t, bytes.Equal(data.PubBytes, newEnclave.PubBytes))
|
|
assert.True(t, bytes.Equal(data.Nonce, newEnclave.Nonce))
|
|
assert.True(t, newEnclave.IsValid())
|
|
|
|
// Verify the public key matches
|
|
assert.Equal(t, data.PubKeyHex(), newEnclave.PubKeyHex())
|
|
}
|
|
|
|
func TestEnclaveData_Verify(t *testing.T) {
|
|
// Create a new enclave
|
|
enclave, err := NewEnclave()
|
|
require.NoError(t, err)
|
|
require.NotNil(t, enclave)
|
|
|
|
// Sign a message
|
|
testMessage := []byte("test message")
|
|
signature, err := enclave.Sign(testMessage)
|
|
require.NoError(t, err)
|
|
require.NotEmpty(t, signature)
|
|
|
|
// Verify the signature
|
|
valid, err := enclave.Verify(testMessage, signature)
|
|
require.NoError(t, err)
|
|
assert.True(t, valid)
|
|
|
|
// Verify with wrong message
|
|
wrongMessage := []byte("wrong message")
|
|
valid, err = enclave.Verify(wrongMessage, signature)
|
|
require.NoError(t, err)
|
|
assert.False(t, valid)
|
|
|
|
// Corrupt the signature
|
|
corruptedSig := make([]byte, len(signature))
|
|
copy(corruptedSig, signature)
|
|
corruptedSig[0] ^= 0x01 // flip a bit
|
|
|
|
// Verify with corrupted signature (should fail)
|
|
valid, err = enclave.Verify(testMessage, corruptedSig)
|
|
require.NoError(t, err)
|
|
assert.False(t, valid)
|
|
|
|
// We don't need to manually create ECDSA signatures here
|
|
// as we already verified the Sign and Verify functions work together.
|
|
// This completes the verification of the enclave's signature functionality.
|
|
}
|