tAdd test for ValidSecondHandshake - tordam - A library for peer discovery inside the Tor network HTML git clone https://git.parazyd.org/tordam DIR Log DIR Files DIR Refs DIR README DIR LICENSE --- DIR commit 8c47d16505c8f1a164c683ad90db6de7a22d79da DIR parent 5777e853e2e4083e39dada09abb3daa89f9d9124 HTML Author: parazyd <parazyd@dyne.org> Date: Mon, 11 Dec 2017 21:52:28 +0100 Add test for ValidSecondHandshake Diffstat: M cmd/dam-dir/main.go | 6 ++---- M cmd/dam-dir/main_test.go | 53 ++++++++++++++++++++++++++++++ M pkg/damlib/crypto.go | 1 + 3 files changed, 56 insertions(+), 4 deletions(-) --- DIR diff --git a/cmd/dam-dir/main.go b/cmd/dam-dir/main.go t@@ -169,12 +169,12 @@ func handlePost(rw http.ResponseWriter, request *http.Request) { info["firstseen"] = n.Firstseen info["valid"] = 0 // This should be 1 after the node is not considered malicious } - log.Println("Writing to Redis") + log.Printf("%s: Writing to Redis\n", n.Address) redRet, err := RedisCli.HMSet(n.Address, info).Result() lib.CheckError(err) if redRet == "OK" { - log.Println("Returning encrypted secret to caller.") + log.Println("Returning encrypted secret to", n.Address) if err := postback(rw, ret, 200); err != nil { lib.CheckError(err) } t@@ -204,10 +204,8 @@ func handlePost(rw http.ResponseWriter, request *http.Request) { val, err := lib.VerifyMsgRsa(msg, sig, pub) lib.CheckError(err) if val { - log.Println("Signature valid!") correct = true } else { - log.Println("Signature invalid!") correct = false } } DIR diff --git a/cmd/dam-dir/main_test.go b/cmd/dam-dir/main_test.go t@@ -82,6 +82,59 @@ func TestValidFirstHandshake(t *testing.T) { t.Log("Server replied:", m.Secret) } +func TestValidSecondHandshake(t *testing.T) { + resp, err := firstAnnValid() + if err != nil { + t.Error(err) + } + if resp.StatusCode != 200 { + t.Error("Server did not respond with HTTP 200") + } + m, err := getRespText(resp) + if err != nil { + t.Error(err) + } + decodedSecret, err := base64.StdEncoding.DecodeString(m.Secret) + if err != nil { + t.Error(err) + } + if len(decodedSecret) != 128 { + t.Error("decodedSecret is not of correct length.") + } + + // Second handshake starts here. + privkey, err := lib.LoadRsaKeyFromFile("./dam-private.key") + if err != nil { + t.Error(err) + } + decrypted, err := lib.DecryptMsgRsa([]byte(decodedSecret), privkey) + if err != nil { + t.Error(err) + } + decryptedEncode := base64.StdEncoding.EncodeToString(decrypted) + sig, err := lib.SignMsgRsa([]byte(decryptedEncode), privkey) + encodedSig := base64.StdEncoding.EncodeToString(sig) + + vals := ValidFirst + vals["secret"] = decryptedEncode + vals["message"] = decryptedEncode + vals["signature"] = encodedSig + + resp, err = postReq(vals) + if err != nil { + t.Error(err) + } + m, err = getRespText(resp) + if err != nil { + t.Error(err) + } + if m.Secret == "Welcome to the DAM network!" { + t.Log("Server replied:", m.Secret) + } else { + t.Error(m.Secret) + } +} + func TestMain(m *testing.M) { //cmd := exec.Command("./dam-dir") //cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} DIR diff --git a/pkg/damlib/crypto.go b/pkg/damlib/crypto.go t@@ -158,6 +158,7 @@ func VerifyMsgRsa(message []byte, signature []byte, pubkey *rsa.PublicKey) (bool hashed := sha512.Sum512(message) err := rsa.VerifyPKCS1v15(pubkey, crypto.SHA512, hashed[:], signature) if err != nil { + log.Println("Signature invalid") return false, err } log.Println("Signature valid")