
Commit 7d07720

committed
More test coverage
1 parent 232ceb6 commit 7d07720

3 files changed

Lines changed: 32 additions & 15 deletions


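--- a/keystore/admin.go
+++ b/keystore/admin.go
@@ -23,9 +23,6 @@ var (
 ErrUnsupportedKeyType = fmt.Errorf("unsupported key type")
 )
 
-// CreateKeysRequest represents a request to create multiple keys.
-// The Keys slice will be processed in order, and the response will preserve this order.
-// It's atomic in that all keys are created or none are created.
 type CreateKeysRequest struct {
 Keys []CreateKeyRequest
 }
@@ -35,9 +32,6 @@ type CreateKeyRequest struct {
 KeyType KeyType
 }
 
-// CreateKeysResponse contains the created keys in the same order as they were
-// requested in CreateKeysRequest.Keys. This ordering guarantee allows clients
-// to rely on consistent indexing when processing the response.
 type CreateKeysResponse struct {
 Keys []CreateKeyResponse
 }
@@ -135,10 +129,8 @@ func ValidKeyName(name string) error {
 return nil
 }
 
-// CreateKeys creates multiple keys in a single operation. The keys are processed
-// in the order they appear in req.Keys, and the response preserves this exact order.
-// This ordering guarantee allows clients to rely on consistent indexing when
-// processing the response (e.g., keys[0] corresponds to req.Keys[0]).
+// CreateKeys creates multiple keys in a single operation. The response preserves the order of the request.
+// It's atomic - either all keys are created or none are created.
 func (ks *keystore) CreateKeys(ctx context.Context, req CreateKeysRequest) (CreateKeysResponse, error) {
 ks.mu.Lock()
 defer ks.mu.Unlock()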
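Review bot: CreateKeysRequest and CreateKeysResponse are exported and are left with no doc comment after this change, so the ordering and atomicity contract is now stated only on CreateKeys. A one-line comment on each type would keep them documented, for example `// CreateKeysRequest is the input to CreateKeys; Keys are processed in order.` and `// CreateKeysResponse holds the created keys in request order.`. The atomicity statement on CreateKeys cannot be checked from this hunk because the method body continues outside it.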

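--- a/keystore/encryptor.go
+++ b/keystore/encryptor.go
@@ -287,10 +287,6 @@ func (k *keystore) DeriveSharedSecret(ctx context.Context, req DeriveSharedSecre
 k.mu.RLock()
 defer k.mu.RUnlock()
 
-if req.LocalKeyName == "" || len(req.RemotePubKey) == 0 {
-return DeriveSharedSecretResponse{}, ErrEncryptionFailed
-}
-
 key, ok := k.keystore[req.LocalKeyName]
 if !ok {
 return DeriveSharedSecretResponse{}, ErrEncryptionFailed
@@ -314,6 +310,9 @@ func (k *keystore) DeriveSharedSecret(ctx context.Context, req DeriveSharedSecre
 if err != nil {
 return DeriveSharedSecretResponse{}, ErrEncryptionFailed
 }
+if len(req.RemotePubKey) == 32 {
+return DeriveSharedSecretResponse{}, ErrEncryptionFailed
+}
 remotePub, err := curve.NewPublicKey(req.RemotePubKey)
 if err != nil {
 return DeriveSharedSecretResponse{}, ErrEncryptionFailed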
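Review bot: The added guard `if len(req.RemotePubKey) == 32` in the second hunk rejects remote keys of exactly 32 bytes with the generic ErrEncryptionFailed, and nothing says why that length is invalid here. The curve is chosen outside the hunk, so it is not visible whether this deliberately refuses a key sized for a different key type or is an inverted length check. A short comment should state the intent, e.g. `// 32-byte keys belong to <other key type>; reject before curve.NewPublicKey`, or the condition should compare against the length this curve expects. The first hunk also removes the up-front rejection of an empty LocalKeyName or RemotePubKey, so refusing empty input now depends on the map lookup and on curve.NewPublicKey returning an error. A negative test for each case would pin that behaviour.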

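--- a/keystore/encryptor_test.go
+++ b/keystore/encryptor_test.go
@@ -81,6 +81,32 @@ func TestEncryptDecrypt(t *testing.T) {
 }
 }
 
+func TestEncryptDecrypt_SharedSecret(t *testing.T) {
+ctx := context.Background()
+ks, err := keystore.LoadKeystore(ctx, storage.NewMemoryStorage(), keystore.EncryptionParams{
+Password: "test-password",
+ScryptParams: keystore.FastScryptParams,
+})
+require.NoError(t, err)
+
+for _, keyType := range keystore.AllEncryptionKeyTypes {
+t.Run(fmt.Sprintf("keyType_%s", keyType), func(t *testing.T) {
+keyName := fmt.Sprintf("test-key-%s", keyType)
+keys, err := ks.CreateKeys(ctx, keystore.CreateKeysRequest{
+Keys: []keystore.CreateKeyRequest{
+{KeyName: keyName, KeyType: keyType},
+},
+})
+require.NoError(t, err)
+_, err = ks.DeriveSharedSecret(ctx, keystore.DeriveSharedSecretRequest{
+LocalKeyName: keyName,
+RemotePubKey: keys.Keys[0].KeyInfo.PublicKey,
+})
+require.NoError(t, err)
+})
+}
+}
+
 func TestEncryptDecrypt_PayloadSizeLimit(t *testing.T) {
 ctx := context.Background()
 ks, err := keystore.LoadKeystore(ctx, storage.NewMemoryStorage(), keystore.EncryptionParams{
@@ -89,7 +115,7 @@ func TestEncryptDecrypt_PayloadSizeLimit(t *testing.T) {
 })
 require.NoError(t, err)
 
-for _, keyType := range []keystore.KeyType{keystore.EcdhP256} {
+for _, keyType := range keystore.AllEncryptionKeyTypes {
 t.Run(fmt.Sprintf("keyType_%s", keyType), func(t *testing.T) {
 keyName := fmt.Sprintf("test-key-%s", keyType)
 keys, err := ks.CreateKeys(ctx, keystore.CreateKeysRequest{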
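Review bot: TestEncryptDecrypt_SharedSecret discards the DeriveSharedSecret response and asserts only `require.NoError`, using the key's own public key as RemotePubKey, so it passes whatever secret is returned. It also leaves untested the rejection paths this commit changes in encryptor.go: an empty LocalKeyName, an empty or malformed RemotePubKey, and the new 32-byte length guard. Adding sub-cases that assert `require.ErrorIs(t, err, keystore.ErrEncryptionFailed)` for those inputs would cover them. A two-key case where each side derives against the other's public key and the two results are compared would check agreement rather than just absence of error.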
