warnings, docs, and finding bugs
This commit is contained in:
		
							parent
							
								
									a649d6f131
								
							
						
					
					
						commit
						9895f00e5e
					
				| @ -273,7 +273,7 @@ impl KeyFileCrypto { | |||||||
| 	/// `c` - number of iterations for derived key.
 | 	/// `c` - number of iterations for derived key.
 | ||||||
| 	/// `salt` - cryptographic site, random 256-bit hash (ensure it's crypto-random).
 | 	/// `salt` - cryptographic site, random 256-bit hash (ensure it's crypto-random).
 | ||||||
| 	/// `iv` - initialisation vector.
 | 	/// `iv` - initialisation vector.
 | ||||||
| 	pub fn new_pbkdf2(cipher_text: Bytes, iv: H128, salt: H256, c: u32, dk_len: u32) -> KeyFileCrypto { | 	pub fn new_pbkdf2(cipher_text: Bytes, iv: H128, salt: H256, mac: H256, c: u32, dk_len: u32) -> KeyFileCrypto { | ||||||
| 		KeyFileCrypto { | 		KeyFileCrypto { | ||||||
| 			cipher_type: CryptoCipherType::Aes128Ctr(iv), | 			cipher_type: CryptoCipherType::Aes128Ctr(iv), | ||||||
| 			cipher_text: cipher_text, | 			cipher_text: cipher_text, | ||||||
| @ -283,7 +283,7 @@ impl KeyFileCrypto { | |||||||
| 				c: c, | 				c: c, | ||||||
| 				prf: Pbkdf2CryptoFunction::HMacSha256 | 				prf: Pbkdf2CryptoFunction::HMacSha256 | ||||||
| 			}), | 			}), | ||||||
| 			mac: H256::random(), | 			mac: mac, | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
| @ -530,6 +530,22 @@ impl KeyDirectory { | |||||||
| 		self.cache.borrow().len() | 		self.cache.borrow().len() | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
|  | 	/// Removes key file from key directory
 | ||||||
|  | 	pub fn delete(&mut self, id: &Uuid) -> Result<(), ::std::io::Error> { | ||||||
|  | 		let path = self.key_path(id); | ||||||
|  | 
 | ||||||
|  | 		if !self.cache.borrow().contains_key(id) { | ||||||
|  | 			return match fs::remove_file(&path) { | ||||||
|  | 				Ok(_) => { | ||||||
|  | 					self.cache.borrow_mut().remove(&id); | ||||||
|  | 					Ok(()) | ||||||
|  | 				}, | ||||||
|  | 				Err(e) => Err(e) | ||||||
|  | 			}; | ||||||
|  | 		} | ||||||
|  | 		Ok(()) | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
| 	fn key_path(&self, id: &Uuid) -> PathBuf { | 	fn key_path(&self, id: &Uuid) -> PathBuf { | ||||||
| 		let mut path = PathBuf::new(); | 		let mut path = PathBuf::new(); | ||||||
| 		path.push(self.path.clone()); | 		path.push(self.path.clone()); | ||||||
| @ -849,14 +865,14 @@ mod file_tests { | |||||||
| 	#[test] | 	#[test] | ||||||
| 	fn can_create_key_with_new_id() { | 	fn can_create_key_with_new_id() { | ||||||
| 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | ||||||
| 		let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text, H128::zero(), H256::random(), 32, 32)); | 		let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text, H128::zero(), H256::random(), H256::random(), 32, 32)); | ||||||
| 		assert!(!uuid_to_string(&key.id).is_empty()); | 		assert!(!uuid_to_string(&key.id).is_empty()); | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	#[test] | 	#[test] | ||||||
| 	fn can_load_json_from_itself() { | 	fn can_load_json_from_itself() { | ||||||
| 		let cipher_text: Bytes = FromHex::from_hex("aaaaaaaaaaaaaaaaaaaaaaaaaaa22222222222222222222222").unwrap(); | 		let cipher_text: Bytes = FromHex::from_hex("aaaaaaaaaaaaaaaaaaaaaaaaaaa22222222222222222222222").unwrap(); | ||||||
| 		let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text, H128::zero(), H256::random(), 32, 32)); | 		let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text, H128::zero(), H256::random(), H256::random(), 32, 32)); | ||||||
| 		let json = key.to_json(); | 		let json = key.to_json(); | ||||||
| 
 | 
 | ||||||
| 		let loaded_key = KeyFileContent::from_json(&json).unwrap(); | 		let loaded_key = KeyFileContent::from_json(&json).unwrap(); | ||||||
| @ -1014,7 +1030,7 @@ mod directory_tests { | |||||||
| 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | ||||||
| 		let temp_path = RandomTempPath::create_dir(); | 		let temp_path = RandomTempPath::create_dir(); | ||||||
| 		let mut directory = KeyDirectory::new(&temp_path.as_path()); | 		let mut directory = KeyDirectory::new(&temp_path.as_path()); | ||||||
| 		let uuid = directory.save(KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text, H128::zero(), H256::random(), 32, 32))).unwrap(); | 		let uuid = directory.save(KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text, H128::zero(), H256::random(), H256::random(), 32, 32))).unwrap(); | ||||||
| 		let path = directory.key_path(&uuid); | 		let path = directory.key_path(&uuid); | ||||||
| 
 | 
 | ||||||
| 		let key = KeyDirectory::load_key(&path).unwrap(); | 		let key = KeyDirectory::load_key(&path).unwrap(); | ||||||
| @ -1030,7 +1046,7 @@ mod directory_tests { | |||||||
| 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | ||||||
| 		let mut keys = Vec::new(); | 		let mut keys = Vec::new(); | ||||||
| 		for _ in 0..1000 { | 		for _ in 0..1000 { | ||||||
| 			let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text.clone(), H128::zero(), H256::random(), 32, 32)); | 			let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text.clone(), H128::zero(), H256::random(), H256::random(), 32, 32)); | ||||||
| 			keys.push(directory.save(key).unwrap()); | 			keys.push(directory.save(key).unwrap()); | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| @ -1050,7 +1066,7 @@ mod directory_tests { | |||||||
| 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | ||||||
| 		let mut keys = Vec::new(); | 		let mut keys = Vec::new(); | ||||||
| 		for _ in 0..1000 { | 		for _ in 0..1000 { | ||||||
| 			let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text.clone(), H128::zero(), H256::random(), 32, 32)); | 			let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text.clone(), H128::zero(), H256::random(), H256::random(), 32, 32)); | ||||||
| 			keys.push(directory.save(key).unwrap()); | 			keys.push(directory.save(key).unwrap()); | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| @ -1083,7 +1099,7 @@ mod specs { | |||||||
| 		let temp_path = RandomTempPath::create_dir(); | 		let temp_path = RandomTempPath::create_dir(); | ||||||
| 		let mut directory = KeyDirectory::new(&temp_path.as_path()); | 		let mut directory = KeyDirectory::new(&temp_path.as_path()); | ||||||
| 
 | 
 | ||||||
| 		let uuid = directory.save(KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text, H128::zero(), H256::random(), 32, 32))); | 		let uuid = directory.save(KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text, H128::zero(), H256::random(), H256::random(), 32, 32))); | ||||||
| 
 | 
 | ||||||
| 		assert!(uuid.is_ok()); | 		assert!(uuid.is_ok()); | ||||||
| 	} | 	} | ||||||
| @ -1093,7 +1109,7 @@ mod specs { | |||||||
| 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | ||||||
| 		let temp_path = RandomTempPath::create_dir(); | 		let temp_path = RandomTempPath::create_dir(); | ||||||
| 		let mut directory = KeyDirectory::new(&temp_path.as_path()); | 		let mut directory = KeyDirectory::new(&temp_path.as_path()); | ||||||
| 		let uuid = directory.save(KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text.clone(), H128::zero(), H256::random(), 32, 32))).unwrap(); | 		let uuid = directory.save(KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text.clone(), H128::zero(), H256::random(), H256::random(), 32, 32))).unwrap(); | ||||||
| 
 | 
 | ||||||
| 		let key = directory.get(&uuid).unwrap(); | 		let key = directory.get(&uuid).unwrap(); | ||||||
| 
 | 
 | ||||||
| @ -1108,7 +1124,7 @@ mod specs { | |||||||
| 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | 		let cipher_text: Bytes = FromHex::from_hex("a0f05555").unwrap(); | ||||||
| 		let mut keys = Vec::new(); | 		let mut keys = Vec::new(); | ||||||
| 		for _ in 0..10 { | 		for _ in 0..10 { | ||||||
| 			let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text.clone(), H128::zero(), H256::random(), 32, 32)); | 			let key = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(cipher_text.clone(), H128::zero(), H256::random(), H256::random(), 32, 32)); | ||||||
| 			keys.push(directory.save(key).unwrap()); | 			keys.push(directory.save(key).unwrap()); | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -17,5 +17,4 @@ | |||||||
| //! Key management module
 | //! Key management module
 | ||||||
| 
 | 
 | ||||||
| pub mod directory; | pub mod directory; | ||||||
| 
 | pub mod store; | ||||||
| mod store; |  | ||||||
|  | |||||||
| @ -14,12 +14,11 @@ | |||||||
| // You should have received a copy of the GNU General Public License
 | // You should have received a copy of the GNU General Public License
 | ||||||
| // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 | // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 | ||||||
| 
 | 
 | ||||||
| //! Generic Encryptor
 | //! Secret Store
 | ||||||
| 
 | 
 | ||||||
| use keys::directory::*; | use keys::directory::*; | ||||||
| use common::*; | use common::*; | ||||||
| use rcrypto::pbkdf2::*; | use rcrypto::pbkdf2::*; | ||||||
| use rcrypto::aes; |  | ||||||
| use rcrypto::hmac::*; | use rcrypto::hmac::*; | ||||||
| use crypto; | use crypto; | ||||||
| 
 | 
 | ||||||
| @ -30,25 +29,37 @@ const KEY_LENGTH_AES: u32 = KEY_LENGTH/2; | |||||||
| const KEY_LENGTH_USIZE: usize = KEY_LENGTH as usize; | const KEY_LENGTH_USIZE: usize = KEY_LENGTH as usize; | ||||||
| const KEY_LENGTH_AES_USIZE: usize = KEY_LENGTH_AES as usize; | const KEY_LENGTH_AES_USIZE: usize = KEY_LENGTH_AES as usize; | ||||||
| 
 | 
 | ||||||
|  | /// Encrypted hash-map, each request should contain password
 | ||||||
| pub trait EncryptedHashMap<Key: Hash + Eq> { | pub trait EncryptedHashMap<Key: Hash + Eq> { | ||||||
| 	// Returns existing value for the key, if any
 | 	/// Returns existing value for the key, if any
 | ||||||
| 	fn get<Value: Populatable + Default + BytesConvertable>(&self, key: &Key, password: &str) -> Option<Value>; | 	fn get<Value: Populatable + Default + BytesConvertable>(&self, key: &Key, password: &str) ->  Result<Value, EncryptedHashMapError>; | ||||||
| 	// Insert new encrypted key-value and returns previous if there was any
 | 	/// Insert new encrypted key-value and returns previous if there was any
 | ||||||
| 	fn insert<Value: Populatable + Default + BytesConvertable>(&mut self, key: Key, value: Value, password: &str) -> Option<Value>; | 	fn insert<Value: Populatable + Default + BytesConvertable>(&mut self, key: Key, value: Value, password: &str) -> Option<Value>; | ||||||
| 	// Removes key-value by key and returns the removed one, if any exists and password was provided
 | 	/// Removes key-value by key and returns the removed one, if any exists and password was provided
 | ||||||
| 	fn remove<Value: Populatable + Default + BytesConvertable> (&mut self, key: &Key, password: Option<&str>) -> Option<Value>; | 	fn remove<Value: Populatable + Default + BytesConvertable> (&mut self, key: &Key, password: Option<&str>) -> Option<Value>; | ||||||
| 	// Deletes key-value by key and returns if the key-value existed
 | 	/// Deletes key-value by key and returns if the key-value existed
 | ||||||
| 	fn delete(&mut self, key: &Key) -> bool { | 	fn delete(&mut self, key: &Key) -> bool { | ||||||
| 		self.remove::<&[u8]>(key, None).is_some() | 		self.remove::<&[u8]>(key, None).is_some() | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | /// Error retrieving value from encrypted hashmap
 | ||||||
|  | #[derive(Debug)] | ||||||
|  | pub enum EncryptedHashMapError { | ||||||
|  | 	/// Encryption failed
 | ||||||
|  | 	InvalidPassword, | ||||||
|  | 	/// No key in the hashmap
 | ||||||
|  | 	UnknownIdentifier | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | /// Represent service for storing encrypted arbitrary data
 | ||||||
| pub struct SecretStore { | pub struct SecretStore { | ||||||
| 	directory: KeyDirectory | 	directory: KeyDirectory | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| impl SecretStore { | impl SecretStore { | ||||||
| 	fn new() -> SecretStore { | 	/// new instance of Secret Store
 | ||||||
|  | 	pub fn new() -> SecretStore { | ||||||
| 		let mut path = ::std::env::home_dir().expect("Failed to get home dir"); | 		let mut path = ::std::env::home_dir().expect("Failed to get home dir"); | ||||||
| 		path.push(".keys"); | 		path.push(".keys"); | ||||||
| 		SecretStore { | 		SecretStore { | ||||||
| @ -85,41 +96,75 @@ fn derive_mac(derived_left_bits: &[u8], cipher_text: &[u8]) -> Bytes { | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| impl EncryptedHashMap<H128> for SecretStore { | impl EncryptedHashMap<H128> for SecretStore { | ||||||
| 	fn get<Value: Populatable + Default + BytesConvertable>(&self, key: &H128, password: &str) -> Option<Value> { | 	fn get<Value: Populatable + Default + BytesConvertable>(&self, key: &H128, password: &str) -> Result<Value, EncryptedHashMapError> { | ||||||
| 		match self.directory.get(key) { | 		match self.directory.get(key) { | ||||||
| 			Some(key_file) => { | 			Some(key_file) => { | ||||||
| 				let mut instance = Value::default(); | 				let decrypted_bytes = match key_file.crypto.kdf { | ||||||
| 				instance.populate_raw(&key_file.crypto.cipher_text); | 					KeyFileKdf::Pbkdf2(ref params) => { | ||||||
| 				Some(instance) | 						let (derived_left_bits, derived_right_bits) = derive_key(password, ¶ms.salt); | ||||||
| 			}, | 						let expected_mac = derive_mac(&derived_right_bits, &key_file.crypto.cipher_text).sha3(); | ||||||
| 			None => None | 						if expected_mac != key_file.crypto.mac { return Err(EncryptedHashMapError::InvalidPassword); } | ||||||
| 		} |  | ||||||
| 
 | 
 | ||||||
|  | 						let mut val = vec![0u8; key_file.crypto.cipher_text.len()]; | ||||||
|  | 						match key_file.crypto.cipher_type { | ||||||
|  | 							CryptoCipherType::Aes128Ctr(ref iv) => { | ||||||
|  | 								crypto::aes::decrypt(&derived_left_bits, &iv.as_slice(), &key_file.crypto.cipher_text, &mut val); | ||||||
|  | 							} | ||||||
|  | 						} | ||||||
|  | 						val | ||||||
|  | 					} | ||||||
|  | 					_ => { unimplemented!(); } | ||||||
|  | 				}; | ||||||
|  | 
 | ||||||
|  | 				let mut instance = Value::default(); | ||||||
|  | 				instance.populate_raw(&decrypted_bytes); | ||||||
|  | 				Ok(instance) | ||||||
|  | 			}, | ||||||
|  | 			None => Err(EncryptedHashMapError::UnknownIdentifier) | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	fn insert<Value: Populatable + Default + BytesConvertable>(&mut self, key: H128, value: Value, password: &str) -> Option<Value> { | 	fn insert<Value: Populatable + Default + BytesConvertable>(&mut self, key: H128, value: Value, password: &str) -> Option<Value> { | ||||||
| 		let previous = if let Some(_) = self.directory.get(&key) { self.get(&key, password) } else { None }; | 		let previous = if let Ok(previous_value) = self.get(&key, password) { Some(previous_value) } else { None }; | ||||||
| 
 | 
 | ||||||
|  | 		// crypto random initiators
 | ||||||
| 		let salt = H256::random(); | 		let salt = H256::random(); | ||||||
| 		let iv = H128::random(); | 		let iv = H128::random(); | ||||||
| 		let mut key_file = KeyFileContent::new(KeyFileCrypto::new_pbkdf2(vec![], iv.clone(), salt.clone(), KEY_ITERATIONS, KEY_LENGTH)); |  | ||||||
| 
 | 
 | ||||||
|  | 		// two parts of derived key
 | ||||||
|  | 		// DK = [ DK[0..15] DK[16..31] ] = [derived_left_bits, derived_right_bits]
 | ||||||
| 		let (derived_left_bits, derived_right_bits) = derive_key(password, &salt); | 		let (derived_left_bits, derived_right_bits) = derive_key(password, &salt); | ||||||
| 
 | 
 | ||||||
| 		let mut cipher_text = vec![0u8; value.as_slice().len()]; | 		let mut cipher_text = vec![0u8; value.as_slice().len()]; | ||||||
| 		crypto::aes::encrypt(&derived_left_bits, &iv.as_slice(), &value.as_slice(), &mut cipher_text); | 		// aes-128-ctr with initial vector of iv
 | ||||||
| 		key_file.crypto.cipher_text = cipher_text.clone(); | 		crypto::aes::encrypt(&derived_left_bits, &iv.clone(), &value.as_slice(), &mut cipher_text); | ||||||
| 
 | 
 | ||||||
| 		key_file.crypto.mac = derive_mac(&derived_right_bits, &cipher_text).sha3(); | 		// KECCAK(DK[16..31] ++ <ciphertext>), where DK[16..31] - derived_right_bits
 | ||||||
|  | 		let mac = derive_mac(&derived_right_bits, &cipher_text.clone()).sha3(); | ||||||
| 
 | 
 | ||||||
|  | 		let key_file = KeyFileContent::new( | ||||||
|  | 			KeyFileCrypto::new_pbkdf2( | ||||||
|  | 				cipher_text, | ||||||
|  | 				iv, | ||||||
|  | 				salt, | ||||||
|  | 				mac, | ||||||
|  | 				KEY_ITERATIONS, | ||||||
|  | 				KEY_LENGTH)); | ||||||
|  | 		if let Err(io_error) = self.directory.save(key_file) { | ||||||
|  | 			warn!("Error saving key file: {:?}", io_error); | ||||||
|  | 		} | ||||||
| 		previous | 		previous | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	fn remove<Value: Populatable + Default + BytesConvertable>(&mut self, key: &H128, password: Option<&str>) -> Option<Value> { | 	fn remove<Value: Populatable + Default + BytesConvertable>(&mut self, key: &H128, password: Option<&str>) -> Option<Value> { | ||||||
| 		let previous = match (self.directory.get(&key), password) { | 		let previous = if let Some(pass) = password { | ||||||
| 			(Some(_), Some(pass)) => self.get(&key, pass), | 			if let Ok(previous_value) = self.get(&key, pass) { Some(previous_value) } else { None } | ||||||
| 			(_, _) => None | 		} | ||||||
| 		}; | 		else { None }; | ||||||
|  | 
 | ||||||
|  | 		if let Err(io_error) = self.directory.delete(key) { | ||||||
|  | 			warn!("Error saving key file: {:?}", io_error); | ||||||
|  | 		} | ||||||
| 		previous | 		previous | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| @ -127,7 +172,7 @@ impl EncryptedHashMap<H128> for SecretStore { | |||||||
| 
 | 
 | ||||||
| #[cfg(test)] | #[cfg(test)] | ||||||
| mod vector_tests { | mod vector_tests { | ||||||
| 	use super::{derive_key,derive_mac,derive_key_iterations}; | 	use super::{derive_mac,derive_key_iterations}; | ||||||
| 	use common::*; | 	use common::*; | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| @ -142,7 +187,7 @@ mod vector_tests { | |||||||
| 		assert_eq!("f06d69cdc7da0faffb1008270bca38f5", derived_left_bits.to_hex()); | 		assert_eq!("f06d69cdc7da0faffb1008270bca38f5", derived_left_bits.to_hex()); | ||||||
| 		assert_eq!("e31891a3a773950e6d0fea48a7188551", derived_right_bits.to_hex()); | 		assert_eq!("e31891a3a773950e6d0fea48a7188551", derived_right_bits.to_hex()); | ||||||
| 
 | 
 | ||||||
| 		let mut mac_body = derive_mac(&derived_right_bits, &cipher_text); | 		let mac_body = derive_mac(&derived_right_bits, &cipher_text); | ||||||
| 		assert_eq!("e31891a3a773950e6d0fea48a71885515318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46", mac_body.to_hex()); | 		assert_eq!("e31891a3a773950e6d0fea48a71885515318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46", mac_body.to_hex()); | ||||||
| 
 | 
 | ||||||
| 		let mac = mac_body.sha3(); | 		let mac = mac_body.sha3(); | ||||||
| @ -165,6 +210,51 @@ mod tests { | |||||||
| 		sstore.insert(H128::random(), "Cat".to_owned(), "pass"); | 		sstore.insert(H128::random(), "Cat".to_owned(), "pass"); | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
|  | 	#[test] | ||||||
|  | 	fn secret_store_get_fail() { | ||||||
|  | 		let temp = RandomTempPath::create_dir(); | ||||||
|  | 		{ | ||||||
|  | 			use keys::directory::{KeyFileContent, KeyFileCrypto}; | ||||||
|  | 			let mut write_sstore = SecretStore::new_test(&temp); | ||||||
|  | 			write_sstore.directory.save( | ||||||
|  | 				KeyFileContent::new( | ||||||
|  | 					KeyFileCrypto::new_pbkdf2( | ||||||
|  | 						FromHex::from_hex("5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46").unwrap(), | ||||||
|  | 						H128::from_str("6087dab2f9fdbbfaddc31a909735c1e6").unwrap(), | ||||||
|  | 						H256::from_str("ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd").unwrap(), | ||||||
|  | 						H256::from_str("517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2").unwrap(), | ||||||
|  | 						262144, | ||||||
|  | 						32))) | ||||||
|  | 				.unwrap(); | ||||||
|  | 		} | ||||||
|  | 		let sstore = SecretStore::new_test(&temp); | ||||||
|  | 		if let Ok(_) = sstore.get::<Bytes>(&H128::from_str("3198bc9c66725ab3d9954942343ae5b6").unwrap(), "testpassword") { | ||||||
|  | 			panic!("shoud be error loading key,  we requested the wrong key"); | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	#[test] | ||||||
|  | 	fn secret_store_get() { | ||||||
|  | 		let temp = RandomTempPath::create_dir(); | ||||||
|  | 		let key_id = { | ||||||
|  | 			use keys::directory::{KeyFileContent, KeyFileCrypto}; | ||||||
|  | 			let mut write_sstore = SecretStore::new_test(&temp); | ||||||
|  | 			write_sstore.directory.save( | ||||||
|  | 				KeyFileContent::new( | ||||||
|  | 					KeyFileCrypto::new_pbkdf2( | ||||||
|  | 						FromHex::from_hex("5318b4d5bcd28de64ee5559e671353e16f075ecae9f99c7a79a38af5f869aa46").unwrap(), | ||||||
|  | 						H128::from_str("6087dab2f9fdbbfaddc31a909735c1e6").unwrap(), | ||||||
|  | 						H256::from_str("ae3cd4e7013836a3df6bd7241b12db061dbe2c6785853cce422d148a624ce0bd").unwrap(), | ||||||
|  | 						H256::from_str("517ead924a9d0dc3124507e3393d175ce3ff7c1e96529c6c555ce9e51205e9b2").unwrap(), | ||||||
|  | 						262144, | ||||||
|  | 						32))) | ||||||
|  | 				.unwrap() | ||||||
|  | 		}; | ||||||
|  | 		let sstore = SecretStore::new_test(&temp); | ||||||
|  | 		if let Err(e) = sstore.get::<Bytes>(&key_id, "testpassword") { | ||||||
|  | 			panic!("got no key: {:?}", e); | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| } | } | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user