public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Move nested Encrypt/Decrypt test to helper function

This commit is contained in:
Nick Meves 2020-05-11 17:09:00 -07:00
parent 9382293b0b
commit c6939a40c5
No known key found for this signature in database
GPG Key ID: 93BA8A3CEDCDD1CF
1 changed files with 37 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
pkg/encryption/cipher_test.go
View File

@ -3,6 +3,7 @@ package encryption
import ( import (
"crypto/rand" "crypto/rand"
"encoding/base64" "encoding/base64"
"fmt"
"io" "io"
"testing" "testing"
@ -54,7 +55,7 @@ func TestEncryptAndDecrypt(t *testing.T) {
t.Run(name, func(t *testing.T) { t.Run(name, func(t *testing.T) {
// Test all 3 valid AES sizes // Test all 3 valid AES sizes
for _, secretSize := range []int{16, 24, 32} { for _, secretSize := range []int{16, 24, 32} {
t.Run(string(secretSize), func(t *testing.T) { t.Run(fmt.Sprintf("%d", secretSize), func(t *testing.T) {
secret := make([]byte, secretSize) secret := make([]byte, secretSize)
_, err := io.ReadFull(rand.Reader, secret) _, err := io.ReadFull(rand.Reader, secret)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
@ -75,33 +76,8 @@ func TestEncryptAndDecrypt(t *testing.T) {
t.Run(cName, func(t *testing.T) { t.Run(cName, func(t *testing.T) {
// Test various sizes sessions might be // Test various sizes sessions might be
for _, dataSize := range []int{10, 100, 1000, 5000, 10000} { for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
t.Run(string(dataSize), func(t *testing.T) { t.Run(fmt.Sprintf("%d", dataSize), func(t *testing.T) {
data := make([]byte, dataSize) runEncryptAndDecrypt(t, c, dataSize)
_, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err)
// Ensure our Encrypt function doesn't encrypt in place
immutableData := make([]byte, len(data))
copy(immutableData, data)
encrypted, err := c.Encrypt(data)
assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
// Encrypt didn't operate in-place on []byte
assert.Equal(t, data, immutableData)
// Ensure our Decrypt function doesn't decrypt in place
immutableEnc := make([]byte, len(encrypted))
copy(immutableEnc, encrypted)
decrypted, err := c.Decrypt(encrypted)
assert.Equal(t, nil, err)
// Original data back
assert.Equal(t, data, decrypted)
// Decrypt didn't operate in-place on []byte
assert.Equal(t, encrypted, immutableEnc)
// Encrypt/Decrypt actually did something
assert.NotEqual(t, encrypted, decrypted)
}) })
} }
}) })
@ -112,6 +88,35 @@ func TestEncryptAndDecrypt(t *testing.T) {
} }
} }
func runEncryptAndDecrypt(t *testing.T, c Cipher, dataSize int) {
data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err)
// Ensure our Encrypt function doesn't encrypt in place
immutableData := make([]byte, len(data))
copy(immutableData, data)
encrypted, err := c.Encrypt(data)
assert.Equal(t, nil, err)
assert.NotEqual(t, encrypted, data)
// Encrypt didn't operate in-place on []byte
assert.Equal(t, data, immutableData)
// Ensure our Decrypt function doesn't decrypt in place
immutableEnc := make([]byte, len(encrypted))
copy(immutableEnc, encrypted)
decrypted, err := c.Decrypt(encrypted)
assert.Equal(t, nil, err)
// Original data back
assert.Equal(t, data, decrypted)
// Decrypt didn't operate in-place on []byte
assert.Equal(t, encrypted, immutableEnc)
// Encrypt/Decrypt actually did something
assert.NotEqual(t, encrypted, decrypted)
}
func TestDecryptCFBWrongSecret(t *testing.T) { func TestDecryptCFBWrongSecret(t *testing.T) {
secret1 := []byte("0123456789abcdefghijklmnopqrstuv") secret1 := []byte("0123456789abcdefghijklmnopqrstuv")
secret2 := []byte("9876543210abcdefghijklmnopqrstuv") secret2 := []byte("9876543210abcdefghijklmnopqrstuv")
@ -156,7 +161,7 @@ func TestDecryptGCMWrongSecret(t *testing.T) {
func TestGCMtoCFBErrors(t *testing.T) { func TestGCMtoCFBErrors(t *testing.T) {
// Test all 3 valid AES sizes // Test all 3 valid AES sizes
for _, secretSize := range []int{16, 24, 32} { for _, secretSize := range []int{16, 24, 32} {
t.Run(string(secretSize), func(t *testing.T) { t.Run(fmt.Sprintf("%d", secretSize), func(t *testing.T) {
secret := make([]byte, secretSize) secret := make([]byte, secretSize)
_, err := io.ReadFull(rand.Reader, secret) _, err := io.ReadFull(rand.Reader, secret)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
@ -169,7 +174,7 @@ func TestGCMtoCFBErrors(t *testing.T) {
// Test various sizes sessions might be // Test various sizes sessions might be
for _, dataSize := range []int{10, 100, 1000, 5000, 10000} { for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
t.Run(string(dataSize), func(t *testing.T) { t.Run(fmt.Sprintf("%d", dataSize), func(t *testing.T) {
data := make([]byte, dataSize) data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data) _, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
@ -193,7 +198,7 @@ func TestGCMtoCFBErrors(t *testing.T) {
func TestCFBtoGCMErrors(t *testing.T) { func TestCFBtoGCMErrors(t *testing.T) {
// Test all 3 valid AES sizes // Test all 3 valid AES sizes
for _, secretSize := range []int{16, 24, 32} { for _, secretSize := range []int{16, 24, 32} {
t.Run(string(secretSize), func(t *testing.T) { t.Run(fmt.Sprintf("%d", secretSize), func(t *testing.T) {
secret := make([]byte, secretSize) secret := make([]byte, secretSize)
_, err := io.ReadFull(rand.Reader, secret) _, err := io.ReadFull(rand.Reader, secret)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)
@ -206,7 +211,7 @@ func TestCFBtoGCMErrors(t *testing.T) {
// Test various sizes sessions might be // Test various sizes sessions might be
for _, dataSize := range []int{10, 100, 1000, 5000, 10000} { for _, dataSize := range []int{10, 100, 1000, 5000, 10000} {
t.Run(string(dataSize), func(t *testing.T) { t.Run(fmt.Sprintf("%d", dataSize), func(t *testing.T) {
data := make([]byte, dataSize) data := make([]byte, dataSize)
_, err := io.ReadFull(rand.Reader, data) _, err := io.ReadFull(rand.Reader, data)
assert.Equal(t, nil, err) assert.Equal(t, nil, err)