constellation/keyservice/kms/cluster/cluster_test.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package cluster

import (
	"context"
	"strings"
	"testing"

	"github.com/edgelesssys/constellation/v2/internal/crypto/testvector"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"go.uber.org/goleak"
)

func TestMain(m *testing.M) {
	goleak.VerifyTestMain(m)
}

func TestClusterKMS(t *testing.T) {
	testVector := testvector.HKDF0xFF
	assert := assert.New(t)
	kms := New(testVector.Salt)

	key, err := kms.GetDEK(context.Background(), "", "key-1", 32)
	assert.Error(err)
	assert.Nil(key)

	err = kms.CreateKEK(context.Background(), "", testVector.Secret)
	assert.NoError(err)
	assert.Equal(testVector.Secret, kms.masterKey)

	keyLower, err := kms.GetDEK(
		context.Background(),
		"",
		strings.ToLower(testVector.InfoPrefix+testVector.Info),
		int(testVector.Length),
	)
	assert.NoError(err)
	assert.Equal(testVector.Output, keyLower)

	// output of the KMS should be case sensitive
	keyUpper, err := kms.GetDEK(
		context.Background(),
		"",
		strings.ToUpper(testVector.InfoPrefix+testVector.Info),
		int(testVector.Length),
	)
	assert.NoError(err)
	assert.NotEqual(key, keyUpper)
}

func TestVectorsHKDF(t *testing.T) {
	testCases := map[string]struct {
		kek     []byte
		salt    []byte
		dekID   string
		dekSize uint
		wantKey []byte
	}{
		"rfc Test Case 1": {
			kek:     testvector.HKDFrfc1.Secret,
			salt:    testvector.HKDFrfc1.Salt,
			dekID:   testvector.HKDFrfc1.Info,
			dekSize: testvector.HKDFrfc1.Length,
			wantKey: testvector.HKDFrfc1.Output,
		},
		"rfc Test Case 2": {
			kek:     testvector.HKDFrfc2.Secret,
			salt:    testvector.HKDFrfc2.Salt,
			dekID:   testvector.HKDFrfc2.Info,
			dekSize: testvector.HKDFrfc2.Length,
			wantKey: testvector.HKDFrfc2.Output,
		},
		"rfc Test Case 3": {
			kek:     testvector.HKDFrfc3.Secret,
			salt:    testvector.HKDFrfc3.Salt,
			dekID:   testvector.HKDFrfc3.Info,
			dekSize: testvector.HKDFrfc3.Length,
			wantKey: testvector.HKDFrfc3.Output,
		},
		"HKDF zero": {
			kek:     testvector.HKDFZero.Secret,
			salt:    testvector.HKDFZero.Salt,
			dekID:   testvector.HKDFZero.InfoPrefix + testvector.HKDFZero.Info,
			dekSize: testvector.HKDFZero.Length,
			wantKey: testvector.HKDFZero.Output,
		},
		"HKDF 0xFF": {
			kek:     testvector.HKDF0xFF.Secret,
			salt:    testvector.HKDF0xFF.Salt,
			dekID:   testvector.HKDF0xFF.InfoPrefix + testvector.HKDF0xFF.Info,
			dekSize: testvector.HKDF0xFF.Length,
			wantKey: testvector.HKDF0xFF.Output,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)
			require := require.New(t)

			kms := New(tc.salt)
			require.NoError(kms.CreateKEK(context.Background(), "", tc.kek))

			out, err := kms.GetDEK(context.Background(), "", tc.dekID, int(tc.dekSize))
			require.NoError(err)
			assert.Equal(tc.wantKey, out)
		})
	}
}
add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w . 2022-09-05 03:06:08 -04:00			`/*`
			`Copyright (c) Edgeless Systems GmbH`

			`SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

AB#1943 Extract KMS package (#56) * Extract kmsapi from coordinator * Add kmsapi cmd server 2022-05-10 06:35:17 -04:00			`package cluster`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00
			`import (`
			`"context"`
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`"strings"`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`"testing"`

Upgrade go module to v2 2022-09-21 07:47:57 -04:00			`"github.com/edgelesssys/constellation/v2/internal/crypto/testvector"`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`"github.com/stretchr/testify/assert"`
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`"github.com/stretchr/testify/require"`
Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 09:24:36 -04:00			`"go.uber.org/goleak"`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`)`

Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 09:24:36 -04:00			`func TestMain(m *testing.M) {`
			`goleak.VerifyTestMain(m)`
			`}`

Simplify node lock and various small changes Co-authored-by: Fabian Kammel <fabian@kammel.dev> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> 2022-07-14 09:45:04 -04:00			`func TestClusterKMS(t *testing.T) {`
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`testVector := testvector.HKDF0xFF`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`assert := assert.New(t)`
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`kms := New(testVector.Salt)`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00
			`key, err := kms.GetDEK(context.Background(), "", "key-1", 32)`
			`assert.Error(err)`
			`assert.Nil(key)`

Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`err = kms.CreateKEK(context.Background(), "", testVector.Secret)`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`assert.NoError(err)`
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`assert.Equal(testVector.Secret, kms.masterKey)`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`keyLower, err := kms.GetDEK(`
			`context.Background(),`
			`"",`
			`strings.ToLower(testVector.InfoPrefix+testVector.Info),`
			`int(testVector.Length),`
			`)`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`assert.NoError(err)`
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`assert.Equal(testVector.Output, keyLower)`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`// output of the KMS should be case sensitive`
			`keyUpper, err := kms.GetDEK(`
			`context.Background(),`
			`"",`
			`strings.ToUpper(testVector.InfoPrefix+testVector.Info),`
			`int(testVector.Length),`
			`)`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`assert.NoError(err)`
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`assert.NotEqual(key, keyUpper)`
			`}`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`func TestVectorsHKDF(t *testing.T) {`
			`testCases := map[string]struct {`
			`kek []byte`
			`salt []byte`
			`dekID string`
			`dekSize uint`
			`wantKey []byte`
			`}{`
			`"rfc Test Case 1": {`
			`kek: testvector.HKDFrfc1.Secret,`
			`salt: testvector.HKDFrfc1.Salt,`
			`dekID: testvector.HKDFrfc1.Info,`
			`dekSize: testvector.HKDFrfc1.Length,`
			`wantKey: testvector.HKDFrfc1.Output,`
			`},`
			`"rfc Test Case 2": {`
			`kek: testvector.HKDFrfc2.Secret,`
			`salt: testvector.HKDFrfc2.Salt,`
			`dekID: testvector.HKDFrfc2.Info,`
			`dekSize: testvector.HKDFrfc2.Length,`
			`wantKey: testvector.HKDFrfc2.Output,`
			`},`
			`"rfc Test Case 3": {`
			`kek: testvector.HKDFrfc3.Secret,`
			`salt: testvector.HKDFrfc3.Salt,`
			`dekID: testvector.HKDFrfc3.Info,`
			`dekSize: testvector.HKDFrfc3.Length,`
			`wantKey: testvector.HKDFrfc3.Output,`
			`},`
			`"HKDF zero": {`
			`kek: testvector.HKDFZero.Secret,`
			`salt: testvector.HKDFZero.Salt,`
			`dekID: testvector.HKDFZero.InfoPrefix + testvector.HKDFZero.Info,`
			`dekSize: testvector.HKDFZero.Length,`
			`wantKey: testvector.HKDFZero.Output,`
			`},`
			`"HKDF 0xFF": {`
			`kek: testvector.HKDF0xFF.Secret,`
			`salt: testvector.HKDF0xFF.Salt,`
			`dekID: testvector.HKDF0xFF.InfoPrefix + testvector.HKDF0xFF.Info,`
			`dekSize: testvector.HKDF0xFF.Length,`
			`wantKey: testvector.HKDF0xFF.Output,`
			`},`
			`}`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00
Add test vectors for key derivation functions (#320) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-08-01 03:11:13 -04:00			`for name, tc := range testCases {`
			`t.Run(name, func(t *testing.T) {`
			`assert := assert.New(t)`
			`require := require.New(t)`

			`kms := New(tc.salt)`
			`require.NoError(kms.CreateKEK(context.Background(), "", tc.kek))`

			`out, err := kms.GetDEK(context.Background(), "", tc.dekID, int(tc.dekSize))`
			`require.NoError(err)`
			`assert.Equal(tc.wantKey, out)`
			`})`
			`}`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 11:03:15 -04:00			`}`