public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add subtests inside of encryption unit test loops

This commit is contained in:
Nick Meves 2020-05-10 10:15:51 -07:00
parent f60e24d9c3
commit 559152a10f
No known key found for this signature in database
GPG Key ID: 93BA8A3CEDCDD1CF
1 changed files with 100 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

179
pkg/encryption/cipher_test.go
View File

@ -3,6 +3,7 @@ package encryption
import ( import (
"crypto/rand" "crypto/rand"
"encoding/base64" "encoding/base64"
"fmt"
"io" "io"
"testing" "testing"
@ -46,62 +47,76 @@ func TestEncodeAndDecodeAccessTokenB64(t *testing.T) {
func TestEncryptAndDecrypt(t *testing.T) { func TestEncryptAndDecrypt(t *testing.T) {
// Test our 2 cipher types // Test our 2 cipher types
for _, initCipher := range []func([]byte) (Cipher, error){NewCFBCipher, NewGCMCipher} { ciphers := map[string]func([]byte) (Cipher, error){
"CFB": NewCFBCipher,
"GCM": NewGCMCipher,
}
for name, initCipher := range ciphers {
// Test all 3 valid AES sizes // Test all 3 valid AES sizes
for _, secretSize := range []int{16, 24, 32} { for _, secretSize := range []int{16, 24, 32} {
secret := make([]byte, secretSize) subTestName := fmt.Sprintf("%s::%d", name, secretSize)
_, err := io.ReadFull(rand.Reader, secret) t.Run(subTestName, func(t *testing.T) {
assert.Equal(t, nil, err) secret := make([]byte, secretSize)
_, err := io.ReadFull(rand.Reader, secret)
c, err := initCipher(secret)
assert.Equal(t, nil, err)
// Test various sizes sessions might be
for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
encrypted, err := c.Encrypt(data) c, err := initCipher(secret)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
decrypted, err := c.Decrypt(encrypted) // Test various sizes sessions might be
assert.Equal(t, nil, err) for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
assert.Equal(t, data, decrypted) data := make([]byte, dataSize)
assert.NotEqual(t, encrypted, decrypted) _, err := io.ReadFull(rand.Reader, data)
} assert.Equal(t, nil, err)
encrypted, err := c.Encrypt(data)
assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
decrypted, err := c.Decrypt(encrypted)
assert.Equal(t, nil, err)
assert.Equal(t, data, decrypted)
assert.NotEqual(t, encrypted, decrypted)
}
})
} }
} }
} }
func TestEncryptAndDecryptBase64(t *testing.T) { func TestEncryptAndDecryptBase64(t *testing.T) {
// Test our cipher types wrapped in Base64 encoder // Test our cipher types wrapped in Base64 encoder
for _, initCipher := range []func([]byte) (Cipher, error){NewCFBCipher, NewGCMCipher} { ciphers := map[string]func([]byte) (Cipher, error){
"CFB": NewCFBCipher,
"GCM": NewGCMCipher,
}
for name, initCipher := range ciphers {
// Test all 3 valid AES sizes // Test all 3 valid AES sizes
for _, secretSize := range []int{16, 24, 32} { for _, secretSize := range []int{16, 24, 32} {
secret := make([]byte, secretSize) subTestName := fmt.Sprintf("%s::%d", name, secretSize)
_, err := io.ReadFull(rand.Reader, secret) t.Run(subTestName, func(t *testing.T) {
assert.Equal(t, nil, err) secret := make([]byte, secretSize)
_, err := io.ReadFull(rand.Reader, secret)
c, err := NewBase64Cipher(initCipher, secret)
assert.Equal(t, nil, err)
// Test various sizes sessions might be
for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
encrypted, err := c.Encrypt(data) c, err := NewBase64Cipher(initCipher, secret)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
decrypted, err := c.Decrypt(encrypted) // Test various sizes sessions might be
assert.Equal(t, nil, err) for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
assert.Equal(t, data, decrypted) data := make([]byte, dataSize)
assert.NotEqual(t, encrypted, decrypted) _, err := io.ReadFull(rand.Reader, data)
} assert.Equal(t, nil, err)
encrypted, err := c.Encrypt(data)
assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
decrypted, err := c.Decrypt(encrypted)
assert.Equal(t, nil, err)
assert.Equal(t, data, decrypted)
assert.NotEqual(t, encrypted, decrypted)
}
})
} }
} }
} }
@ -150,61 +165,67 @@ func TestIntermixCiphersErrors(t *testing.T) {
// Encrypt with GCM, Decrypt with CFB: Results in Garbage data // Encrypt with GCM, Decrypt with CFB: Results in Garbage data
// Test all 3 valid AES sizes // Test all 3 valid AES sizes
for _, secretSize := range []int{16, 24, 32} { for _, secretSize := range []int{16, 24, 32} {
secret := make([]byte, secretSize) subTestName := fmt.Sprintf("GCM->CFB::%d", secretSize)
_, err := io.ReadFull(rand.Reader, secret) t.Run(subTestName, func(t *testing.T) {
assert.Equal(t, nil, err) secret := make([]byte, secretSize)
_, err := io.ReadFull(rand.Reader, secret)
gcm, err := NewGCMCipher(secret)
assert.Equal(t, nil, err)
cfb, err := NewCFBCipher(secret)
assert.Equal(t, nil, err)
// Test various sizes sessions might be
for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
encrypted, err := gcm.Encrypt(data) gcm, err := NewGCMCipher(secret)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
decrypted, err := cfb.Decrypt(encrypted) cfb, err := NewCFBCipher(secret)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
// Data is mangled
assert.NotEqual(t, data, decrypted) // Test various sizes sessions might be
assert.NotEqual(t, encrypted, decrypted) for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
} data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err)
encrypted, err := gcm.Encrypt(data)
assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
decrypted, err := cfb.Decrypt(encrypted)
assert.Equal(t, nil, err)
// Data is mangled
assert.NotEqual(t, data, decrypted)
assert.NotEqual(t, encrypted, decrypted)
}
})
} }
// Encrypt with CFB, Decrypt with GCM: Results in errors // Encrypt with CFB, Decrypt with GCM: Results in errors
// Test all 3 valid AES sizes // Test all 3 valid AES sizes
for _, secretSize := range []int{16, 24, 32} { for _, secretSize := range []int{16, 24, 32} {
secret := make([]byte, secretSize) subTestName := fmt.Sprintf("CFB->GCM::%d", secretSize)
_, err := io.ReadFull(rand.Reader, secret) t.Run(subTestName, func(t *testing.T) {
assert.Equal(t, nil, err) secret := make([]byte, secretSize)
_, err := io.ReadFull(rand.Reader, secret)
gcm, err := NewGCMCipher(secret)
assert.Equal(t, nil, err)
cfb, err := NewCFBCipher(secret)
assert.Equal(t, nil, err)
// Test various sizes sessions might be
for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
encrypted, err := cfb.Encrypt(data) gcm, err := NewGCMCipher(secret)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
// GCM is authenticated - this should lead to message authentication failed cfb, err := NewCFBCipher(secret)
_, err = gcm.Decrypt(encrypted) assert.Equal(t, nil, err)
assert.Error(t, err)
} // Test various sizes sessions might be
for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err)
encrypted, err := cfb.Encrypt(data)
assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
// GCM is authenticated - this should lead to message authentication failed
_, err = gcm.Decrypt(encrypted)
assert.Error(t, err)
}
})
} }
} }