From 6d4eb8e69b6ad433167d9cdc5368cd604975ab86 Mon Sep 17 00:00:00 2001
From: Brian Warner <warner@lothar.com>
Date: Tue, 21 Aug 2018 10:12:23 -0700
Subject: [PATCH] add test_keys to nail down symmetric encryption format

This establishes what our mailbox protocol does to encrypt the
individual (post-SPAKE2) messages, which combines NaCl SecretBox and our own
key-derivation choices. I'd like to move off of NaCl/libsodium and I think
some RFC7539-implementing library might be compatible, and with these test
vectors I can check that. I also want to copy these tests into the Rust port.
---
 src/wormhole/test/test_keys.py     | 83 ++++++++++++++++++++++++++++++
 src/wormhole/test/test_machines.py |  5 --
 2 files changed, 83 insertions(+), 5 deletions(-)
 create mode 100644 src/wormhole/test/test_keys.py

diff --git a/src/wormhole/test/test_keys.py b/src/wormhole/test/test_keys.py
new file mode 100644
index 0000000..1b28ff1
--- /dev/null
+++ b/src/wormhole/test/test_keys.py
@@ -0,0 +1,83 @@
+from __future__ import print_function, unicode_literals
+
+import mock
+
+from twisted.trial import unittest
+
+from .._key import derive_key, derive_phase_key, encrypt_data, decrypt_data
+from ..util import bytes_to_hexstr, hexstr_to_bytes
+
+
+class Derive(unittest.TestCase):
+    def test_derive_errors(self):
+        self.assertRaises(TypeError, derive_key, 123, b"purpose")
+        self.assertRaises(TypeError, derive_key, b"key", 123)
+        self.assertRaises(TypeError, derive_key, b"key", b"purpose", "not len")
+
+    def test_derive_key(self):
+        m = "588ba9eef353778b074413a0140205d90d7479e36e0dd4ee35bb729d26131ef1"
+        main = hexstr_to_bytes(m)
+
+        dk1 = derive_key(main, b"purpose1")
+        self.assertEqual(bytes_to_hexstr(dk1),
+                         "835b5df80ce9ca46908e8524fb308649"
+                         "122cfbcefbeaa7e65061c6ef08ee1b2a")
+
+        dk2 = derive_key(main, b"purpose2", 10)
+        self.assertEqual(bytes_to_hexstr(dk2), "f2238e84315b47eb6279")
+
+    def test_derive_phase_key(self):
+        m = "588ba9eef353778b074413a0140205d90d7479e36e0dd4ee35bb729d26131ef1"
+        main = hexstr_to_bytes(m)
+
+        dk11 = derive_phase_key(main, "side1", "phase1")
+        self.assertEqual(bytes_to_hexstr(dk11),
+                         "3af6a61d1a111225cc8968c6ca6265ef"
+                         "e892065c3ab46de79dda21306b062990")
+
+        dk12 = derive_phase_key(main, "side1", "phase2")
+        self.assertEqual(bytes_to_hexstr(dk12),
+                         "88a1dd12182d989ff498022a9656d1e2"
+                         "806f17328d8bf5d8d0c9753e4381a752")
+
+        dk21 = derive_phase_key(main, "side2", "phase1")
+        self.assertEqual(bytes_to_hexstr(dk21),
+                         "a306627b436ec23bdae3af8fa90c9ac9"
+                         "27780d86be1831003e7f617c518ea689")
+
+        dk22 = derive_phase_key(main, "side2", "phase2")
+        self.assertEqual(bytes_to_hexstr(dk22),
+                         "bf99e3e16420f2dad33f9b1ccb0be146"
+                         "2b253d639dacdb50ed9496fa528d8758")
+
+
+class Encrypt(unittest.TestCase):
+    def test_encrypt(self):
+        k = "ddc543ef8e4629a603d39dd0307a51bb1e7adb9cb259f6b085c91d0842a18679"
+        key = hexstr_to_bytes(k)
+        plaintext = hexstr_to_bytes("edc089a518219ec1cee184e89d2d37af")
+        self.assertEqual(len(plaintext), 16)
+        nonce = hexstr_to_bytes("2d5e43eb465aa42e750f991e425bee48"
+                                "5f06abad7e04af80")
+        self.assertEqual(len(nonce), 24)
+        with mock.patch("nacl.utils.random", return_value=nonce):
+            encrypted = encrypt_data(key, plaintext)
+        self.assertEqual(len(encrypted), 24 + 16 + 16)
+        self.assertEqual(bytes_to_hexstr(encrypted),
+                         "2d5e43eb465aa42e750f991e425bee48"
+                         "5f06abad7e04af80fe318e39d0e4ce93"
+                         "2d2b54b300c56d2cda55ee5f0488d63e"
+                         "b1d5f76f7919a49a")
+
+    def test_decrypt(self):
+        k = "ddc543ef8e4629a603d39dd0307a51bb1e7adb9cb259f6b085c91d0842a18679"
+        key = hexstr_to_bytes(k)
+        encrypted = hexstr_to_bytes("2d5e43eb465aa42e750f991e425bee48"
+                                    "5f06abad7e04af80fe318e39d0e4ce93"
+                                    "2d2b54b300c56d2cda55ee5f0488d63e"
+                                    "b1d5f76f7919a49a")
+
+        decrypted = decrypt_data(key, encrypted)
+        self.assertEqual(len(decrypted), len(encrypted) - 24 - 16)
+        self.assertEqual(bytes_to_hexstr(decrypted),
+                         "edc089a518219ec1cee184e89d2d37af")
diff --git a/src/wormhole/test/test_machines.py b/src/wormhole/test/test_machines.py
index 8227580..860b0b8 100644
--- a/src/wormhole/test/test_machines.py
+++ b/src/wormhole/test/test_machines.py
@@ -243,11 +243,6 @@ class Receive(unittest.TestCase):
 
 
 class Key(unittest.TestCase):
-    def test_derive_errors(self):
-        self.assertRaises(TypeError, derive_key, 123, b"purpose")
-        self.assertRaises(TypeError, derive_key, b"key", 123)
-        self.assertRaises(TypeError, derive_key, b"key", b"purpose", "not len")
-
     def build(self):
         events = []
         k = _key.Key(u"appid", {}, u"side", timing.DebugTiming())