commit 8c47d16505c8f1a164c683ad90db6de7a22d79da
parent 5777e853e2e4083e39dada09abb3daa89f9d9124
Author: parazyd <parazyd@dyne.org>
Date: Mon, 11 Dec 2017 21:52:28 +0100
Add test for ValidSecondHandshake
Diffstat:
3 files changed, 56 insertions(+), 4 deletions(-)
diff --git a/cmd/dam-dir/main.go b/cmd/dam-dir/main.go
@@ -169,12 +169,12 @@ func handlePost(rw http.ResponseWriter, request *http.Request) {
info["firstseen"] = n.Firstseen
info["valid"] = 0 // This should be 1 after the node is not considered malicious
}
- log.Println("Writing to Redis")
+ log.Printf("%s: Writing to Redis\n", n.Address)
redRet, err := RedisCli.HMSet(n.Address, info).Result()
lib.CheckError(err)
if redRet == "OK" {
- log.Println("Returning encrypted secret to caller.")
+ log.Println("Returning encrypted secret to", n.Address)
if err := postback(rw, ret, 200); err != nil {
lib.CheckError(err)
}
@@ -204,10 +204,8 @@ func handlePost(rw http.ResponseWriter, request *http.Request) {
val, err := lib.VerifyMsgRsa(msg, sig, pub)
lib.CheckError(err)
if val {
- log.Println("Signature valid!")
correct = true
} else {
- log.Println("Signature invalid!")
correct = false
}
}
diff --git a/cmd/dam-dir/main_test.go b/cmd/dam-dir/main_test.go
@@ -82,6 +82,59 @@ func TestValidFirstHandshake(t *testing.T) {
t.Log("Server replied:", m.Secret)
}
+func TestValidSecondHandshake(t *testing.T) {
+ resp, err := firstAnnValid()
+ if err != nil {
+ t.Error(err)
+ }
+ if resp.StatusCode != 200 {
+ t.Error("Server did not respond with HTTP 200")
+ }
+ m, err := getRespText(resp)
+ if err != nil {
+ t.Error(err)
+ }
+ decodedSecret, err := base64.StdEncoding.DecodeString(m.Secret)
+ if err != nil {
+ t.Error(err)
+ }
+ if len(decodedSecret) != 128 {
+ t.Error("decodedSecret is not of correct length.")
+ }
+
+ // Second handshake starts here.
+ privkey, err := lib.LoadRsaKeyFromFile("./dam-private.key")
+ if err != nil {
+ t.Error(err)
+ }
+ decrypted, err := lib.DecryptMsgRsa([]byte(decodedSecret), privkey)
+ if err != nil {
+ t.Error(err)
+ }
+ decryptedEncode := base64.StdEncoding.EncodeToString(decrypted)
+ sig, err := lib.SignMsgRsa([]byte(decryptedEncode), privkey)
+ encodedSig := base64.StdEncoding.EncodeToString(sig)
+
+ vals := ValidFirst
+ vals["secret"] = decryptedEncode
+ vals["message"] = decryptedEncode
+ vals["signature"] = encodedSig
+
+ resp, err = postReq(vals)
+ if err != nil {
+ t.Error(err)
+ }
+ m, err = getRespText(resp)
+ if err != nil {
+ t.Error(err)
+ }
+ if m.Secret == "Welcome to the DAM network!" {
+ t.Log("Server replied:", m.Secret)
+ } else {
+ t.Error(m.Secret)
+ }
+}
+
func TestMain(m *testing.M) {
//cmd := exec.Command("./dam-dir")
//cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
diff --git a/pkg/damlib/crypto.go b/pkg/damlib/crypto.go
@@ -158,6 +158,7 @@ func VerifyMsgRsa(message []byte, signature []byte, pubkey *rsa.PublicKey) (bool
hashed := sha512.Sum512(message)
err := rsa.VerifyPKCS1v15(pubkey, crypto.SHA512, hashed[:], signature)
if err != nil {
+ log.Println("Signature invalid")
return false, err
}
log.Println("Signature valid")
