54 lines
1.9 KiB
Kotlin
54 lines
1.9 KiB
Kotlin
|
|
package no.naiv.meddetsamme.backup
|
||
|
|
|
||
|
|
import javax.crypto.AEADBadTagException
|
||
|
|
import org.junit.Assert.assertArrayEquals
|
||
|
|
import org.junit.Assert.assertEquals
|
||
|
|
import org.junit.Assert.assertFalse
|
||
|
|
import org.junit.Assert.assertThrows
|
||
|
|
import org.junit.Assert.assertTrue
|
||
|
|
import org.junit.Test
|
||
|
|
|
||
|
|
class JceBackupCryptoTest {
|
||
|
|
|
||
|
|
private val plaintext = """{"version":1,"medications":[]}""".toByteArray()
|
||
|
|
private val passphrase = "korrekt hest batteri stift".toCharArray()
|
||
|
|
|
||
|
|
@Test
|
||
|
|
fun `round trip with correct passphrase`() {
|
||
|
|
val ct = JceBackupCrypto.encrypt(plaintext, passphrase)
|
||
|
|
assertArrayEquals(plaintext, JceBackupCrypto.decrypt(ct, passphrase))
|
||
|
|
}
|
||
|
|
|
||
|
|
@Test
|
||
|
|
fun `wrong passphrase fails authentication, not garbage output`() {
|
||
|
|
val ct = JceBackupCrypto.encrypt(plaintext, passphrase)
|
||
|
|
assertThrows(AEADBadTagException::class.java) {
|
||
|
|
JceBackupCrypto.decrypt(ct, "feil passord".toCharArray())
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
@Test
|
||
|
|
fun `tampered ciphertext fails authentication`() {
|
||
|
|
val ct = JceBackupCrypto.encrypt(plaintext, passphrase)
|
||
|
|
ct[ct.size - 5] = (ct[ct.size - 5].toInt() xor 1).toByte()
|
||
|
|
assertThrows(AEADBadTagException::class.java) {
|
||
|
|
JceBackupCrypto.decrypt(ct, passphrase)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
@Test
|
||
|
|
fun `format detection by magic`() {
|
||
|
|
val ct = JceBackupCrypto.encrypt(plaintext, passphrase)
|
||
|
|
assertTrue(JceBackupCrypto.matches(ct))
|
||
|
|
assertFalse(JceBackupCrypto.matches(plaintext))
|
||
|
|
assertEquals(JceBackupCrypto, BackupCrypto.detect(ct))
|
||
|
|
assertEquals(null, BackupCrypto.detect(plaintext))
|
||
|
|
}
|
||
|
|
|
||
|
|
@Test
|
||
|
|
fun `fresh salt and IV every time`() {
|
||
|
|
val a = JceBackupCrypto.encrypt(plaintext, passphrase)
|
||
|
|
val b = JceBackupCrypto.encrypt(plaintext, passphrase)
|
||
|
|
assertFalse(a.contentEquals(b)) // deterministic encryption would leak equality
|
||
|
|
}
|
||
|
|
}
|