mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
426 Commits
37 Branches
98 Tags
51 MiB
 
 
 
 
 
 
Tree: 02bf115026
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '02bf115026'
${ noResults }
dex/pkg/crypto/encrypt_test.go

128 lines
2.8 KiB
Raw Blame History

package crypto
import (
"bytes"
"reflect"
"testing"
)
func TestPadUnpad(t *testing.T) {
tests := []struct {
plaintext []byte
bsize int
padded []byte
}{
{
plaintext: []byte{1, 2, 3, 4},
bsize: 7,
padded: []byte{1, 2, 3, 4, 3, 3, 3},
},
{
plaintext: []byte{1, 2, 3, 4, 5, 6, 7},
bsize: 3,
padded: []byte{1, 2, 3, 4, 5, 6, 7, 2, 2},
},
{
plaintext: []byte{9, 9, 9, 9},
bsize: 4,
padded: []byte{9, 9, 9, 9, 4, 4, 4, 4},
},
}
for i, tt := range tests {
padded, err := pad(tt.plaintext, tt.bsize)
if err != nil {
t.Errorf("case %d: unexpected error: %v", i, err)
continue
}
if !reflect.DeepEqual(tt.padded, padded) {
t.Errorf("case %d: want=%v got=%v", i, tt.padded, padded)
continue
}
plaintext, err := unpad(tt.padded)
if err != nil {
t.Errorf("case %d: unexpected error: %v", i, err)
continue
}
if !reflect.DeepEqual(tt.plaintext, plaintext) {
t.Errorf("case %d: want=%v got=%v", i, tt.plaintext, plaintext)
continue
}
}
}
func TestPadMaxBlockSize(t *testing.T) {
_, err := pad([]byte{1, 2, 3}, 256)
if err == nil {
t.Errorf("Expected non-nil error")
}
}
func TestAESEncryptDecrypt(t *testing.T) {
message := []byte("Let me worry about blank.")
key := append([]byte("shark"), make([]byte, 27)...)
ciphertext, err := AESEncrypt(message, key)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
if reflect.DeepEqual(message, ciphertext) {
t.Fatal("Encrypted data matches original payload")
}
decrypted, err := AESDecrypt(ciphertext, key)
if !reflect.DeepEqual(message, decrypted) {
t.Fatalf("Decrypted data does not match original payload: want=%v got=%v", message, decrypted)
}
}
func TestAESDecryptWrongKey(t *testing.T) {
message := []byte("My bones!")
key := append([]byte("shark"), make([]byte, 27)...)
ciphertext, err := AESEncrypt(message, key)
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
wrongKey := append([]byte("sheep"), make([]byte, 27)...)
decrypted, _ := AESDecrypt(ciphertext, wrongKey)
if reflect.DeepEqual(message, decrypted) {
t.Fatalf("Data decrypted with different key matches original payload")
}
}
func TestEncryptDecryptGCM(t *testing.T) {
gcmTests := []struct {
plaintext []byte
key []byte
}{
{
plaintext: []byte("Hello, world!"),
key: append([]byte("shark"), make([]byte, 27)...),
},
}
for _, tt := range gcmTests {
ciphertext, err := Encrypt(tt.plaintext, tt.key)
if err != nil {
t.Fatal(err)
}
plaintext, err := Decrypt(ciphertext, tt.key)
if err != nil {
t.Fatal(err)
}
if !bytes.Equal(plaintext, tt.plaintext) {
t.Errorf("plaintexts don't match")
}
ciphertext[0] ^= 0xff
plaintext, err = Decrypt(ciphertext, tt.key)
if err == nil {
t.Errorf("gcmOpen should not have worked, but did")
}
}
}