From 20924ca06efba5a50356bdb5abb1f7b87f34f817 Mon Sep 17 00:00:00 2001 From: Joe Richey Date: Thu, 2 Mar 2017 11:22:43 -0800 Subject: crypto: Key struct for secure buffers This commit adds in the crypto package, which will hold all of the security primitives for fscrypt. This first component deals with securely handling keys in memory. To do this in a consistent way across fscrypt, we introduce the Key struct. Any sensitive memory (like keys, passwords, or recovery tokens) in fscrypt will be held in a Key. No code outside of the crypto package should access the Key's data directly. Convenience functions and methods are provided to construct keys from io.Readers (either with fixed length or with variable length) and to access information about the Keys. The most important property of Keys is that the data is locked in memory on construction, and the data is unlocked and wiped when Wipe is called. This happens either by something like "defer key.Wipe()" or through the finalizer. Change-Id: Ice76335f3975efb439b3f1ab605ef34cb7fcb4d6 --- crypto/crypto_test.go | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 crypto/crypto_test.go (limited to 'crypto/crypto_test.go') diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go new file mode 100644 index 0000000..d76381e --- /dev/null +++ b/crypto/crypto_test.go @@ -0,0 +1,113 @@ +/* + * crypto_test.go - tests for the crypto package + * + * Copyright 2017 Google Inc. + * Author: Joe Richey (joerichey@google.com) + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +package crypto + +import ( + "bytes" + "os" + "testing" +) + +// Reader that always returns the same byte +type ConstReader byte + +func (r ConstReader) Read(b []byte) (n int, err error) { + for i := range b { + b[i] = byte(r) + } + return len(b), nil +} + +// Makes a key of the same repeating byte +func makeKey(b byte, n int) (*Key, error) { + return NewFixedLengthKeyFromReader(ConstReader(b), n) +} + +// Tests the two ways of making keys +func TestMakeKeys(t *testing.T) { + data := []byte("1234\n6789") + + key1, err := NewKeyFromReader(bytes.NewReader(data)) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(data, key1.data) { + t.Error("Key from reader contained incorrect data") + } + + key2, err := NewFixedLengthKeyFromReader(bytes.NewReader(data), 6) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal([]byte("1234\n6"), key2.data) { + t.Error("Fixed length key from reader contained incorrect data") + } +} + +// Tests that wipe succeeds +func TestWipe(t *testing.T) { + key, err := makeKey(1, 1000) + if err != nil { + t.Fatal(err) + } + if err := key.Wipe(); err != nil { + t.Error(err) + } +} + +// Making keys with negative length should fail +func TestInvalidLength(t *testing.T) { + _, err := NewFixedLengthKeyFromReader(bytes.NewReader([]byte{1, 2, 3, 4}), -1) + if err == nil { + t.Error("Negative lengths should cause failure") + } +} + +// Test making keys of zero length +func TestZeroLength(t *testing.T) { + key1, err := NewFixedLengthKeyFromReader(os.Stdin, 0) + if err != nil { + t.Fatal(err) + } + if key1.data != nil { + t.Error("FIxed length key from reader contained data") + } + + key2, err := NewKeyFromReader(bytes.NewReader(nil)) + if err != nil { + t.Fatal(err) + } + if key2.data != nil { + t.Error("Key from empty reader contained data") + } +} + +// Test making keys long enough that the keys will have to resize +func TestLongLength(t *testing.T) { + // Key will have to resize 3 times + data := bytes.Repeat([]byte{1}, os.Getpagesize()*5) + key, err := NewKeyFromReader(bytes.NewReader(data)) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(data, key.data) { + t.Error("Key contained incorrect data") + } +} -- cgit v1.2.3