From a7eb527485dfe8871f303740dec9e67c2ac6bda1 Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com" <joerichey@google.com>
Date: Wed, 19 Jul 2017 17:54:12 -0700
Subject: crypto: Add more tests for bad key lengths

---
 crypto/crypto_test.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'crypto/crypto_test.go')

diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go
index a154fbf..58aca9e 100644
--- a/crypto/crypto_test.go
+++ b/crypto/crypto_test.go
@@ -423,6 +423,18 @@ func TestWrongWrappingKeyLength(t *testing.T) {
 	}
 }
 
+// Wrong length of unwrapping key should fail
+func TestWrongUnwrappingKeyLength(t *testing.T) {
+	data, err := Wrap(fakeWrappingKey, fakeWrappingKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if k, err := Unwrap(fakeValidPolicyKey, data); err == nil {
+		k.Wipe()
+		t.Fatal("using a policy key for unwrapping should fail")
+	}
+}
+
 // Wraping twice with the same keys should give different components
 func TestWrapTwiceDistinct(t *testing.T) {
 	data1, err := Wrap(fakeWrappingKey, fakeValidPolicyKey)
@@ -546,6 +558,19 @@ func TestBadParallelism(t *testing.T) {
 	}
 }
 
+func TestBadSalt(t *testing.T) {
+	pk, err := fakePassphraseKey()
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer pk.Wipe()
+
+	_, err = PassphraseHash(pk, []byte{1, 2, 3, 4}, hashTestCases[0].costs)
+	if err == nil {
+		t.Error("too short of salt should be invalid")
+	}
+}
+
 func BenchmarkWrap(b *testing.B) {
 	for n := 0; n < b.N; n++ {
 		Wrap(fakeWrappingKey, fakeValidPolicyKey)
-- 
cgit v1.2.3