crypto: Add more tests for bad key lengths

author: Joe Richey joerichey@google.com <joerichey@google.com> 2017-07-19 17:54:12 -0700
committer: Joe Richey joerichey@google.com <joerichey@google.com> 2017-07-19 18:10:12 -0700
commit: a7eb527485dfe8871f303740dec9e67c2ac6bda1 (patch)
tree: 1eb8a9fb10f5b4fb5904e4e1a36f8ea5d21f8411
parent: 69a53bcee5dd3044a3f245ebb2a5c11fe0a8a1ff (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index a154fbf..58aca9e 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -423,6 +423,18 @@ func TestWrongWrappingKeyLength(t *testing.T) {
 	}
 }
 
+// Wrong length of unwrapping key should fail
+func TestWrongUnwrappingKeyLength(t *testing.T) {
+	data, err := Wrap(fakeWrappingKey, fakeWrappingKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if k, err := Unwrap(fakeValidPolicyKey, data); err == nil {
+		k.Wipe()
+		t.Fatal("using a policy key for unwrapping should fail")
+	}
+}
+
 // Wraping twice with the same keys should give different components
 func TestWrapTwiceDistinct(t *testing.T) {
 	data1, err := Wrap(fakeWrappingKey, fakeValidPolicyKey)
@@ -546,6 +558,19 @@ func TestBadParallelism(t *testing.T) {
 	}
 }
 
+func TestBadSalt(t *testing.T) {
+	pk, err := fakePassphraseKey()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer pk.Wipe()
+
+	_, err = PassphraseHash(pk, []byte{1, 2, 3, 4}, hashTestCases[0].costs)
+	if err == nil {
+		t.Error("too short of salt should be invalid")
+	}
+}
+
 func BenchmarkWrap(b *testing.B) {
 	for n := 0; n < b.N; n++ {
 		Wrap(fakeWrappingKey, fakeValidPolicyKey)
author	Joe Richey joerichey@google.com <joerichey@google.com>	2017-07-19 17:54:12 -0700
committer	Joe Richey joerichey@google.com <joerichey@google.com>	2017-07-19 18:10:12 -0700
commit	a7eb527485dfe8871f303740dec9e67c2ac6bda1 (patch)
tree	1eb8a9fb10f5b4fb5904e4e1a36f8ea5d21f8411
parent	69a53bcee5dd3044a3f245ebb2a5c11fe0a8a1ff (diff)