finish ssss tests

This commit is contained in:
Sorunome 2020-06-13 18:10:24 +02:00
parent 7803dc4b93
commit ef0a567401
No known key found for this signature in database
GPG key ID: B19471D07FC9BE9C
8 changed files with 513 additions and 164 deletions

View file

@ -93,7 +93,7 @@ class CrossSigning {
}
// master key is valid, set it to verified
await masterKey.setVerified(true, false);
// and now sign bout our own key and our master key
// and now sign both our own key and our master key
await sign([
masterKey,
client.userDeviceKeys[client.userID].deviceKeys[client.deviceID]

View file

@ -405,7 +405,8 @@ class KeyManager {
try {
await loadSingleKey(room.id, sessionId);
} catch (err, stacktrace) {
print('[KeyManager] Failed to access online key backup: ' + err.toString());
print(
'[KeyManager] Failed to access online key backup: ' + err.toString());
print(stacktrace);
}
if (!hadPreviously &&

View file

@ -5850,6 +5850,15 @@ abstract class _$Database extends GeneratedDatabase {
readsFrom: {ssssCache}).map(_rowToDbSSSSCache);
}
Future<int> clearSSSSCache(int client_id) {
return customUpdate(
'DELETE FROM ssss_cache WHERE client_id = :client_id',
variables: [Variable.withInt(client_id)],
updates: {ssssCache},
updateKind: UpdateKind.delete,
);
}
Future<int> insertClient(
String name,
String homeserver_url,

View file

@ -198,6 +198,7 @@ storeUserCrossSigningKey: INSERT OR REPLACE INTO user_cross_signing_keys (client
removeUserCrossSigningKey: DELETE FROM user_cross_signing_keys WHERE client_id = :client_id AND user_id = :user_id AND public_key = :public_key;
storeSSSSCache: INSERT OR REPLACE INTO ssss_cache (client_id, type, key_id, ciphertext, content) VALUES (:client_id, :type, :key_id, :ciphertext, :content);
dbGetSSSSCache: SELECT * FROM ssss_cache WHERE client_id = :client_id AND type = :type;
clearSSSSCache: DELETE FROM ssss_cache WHERE client_id = :client_id;
insertClient: INSERT INTO clients (name, homeserver_url, token, user_id, device_id, device_name, prev_batch, olm_account) VALUES (:name, :homeserver_url, :token, :user_id, :device_id, :device_name, :prev_batch, :olm_account);
ensureRoomExists: INSERT OR IGNORE INTO rooms (client_id, room_id, membership) VALUES (:client_id, :room_id, :membership);
setRoomPrevBatch: UPDATE rooms SET prev_batch = :prev_batch WHERE client_id = :client_id AND room_id = :room_id;

View file

@ -2,5 +2,5 @@
pub run test -p vm
pub run test_coverage
pub global activate remove_from_coverage
pub global run remove_from_coverage:remove_from_coverage -f coverage/lcov.info -r '.g.dart$'
pub global run remove_from_coverage:remove_from_coverage -f coverage/lcov.info -r '\.g\.dart$'
genhtml -o coverage coverage/lcov.info || true

View file

@ -0,0 +1,113 @@
/*
* Ansible inventory script used at Famedly GmbH for managing many hosts
* Copyright (C) 2020 Famedly GmbH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import 'dart:convert';
import 'package:famedlysdk/famedlysdk.dart';
import 'package:test/test.dart';
import 'package:olm/olm.dart' as olm;
import '../fake_client.dart';
import '../fake_matrix_api.dart';
void main() {
group('Cross Signing', () {
var olmEnabled = true;
try {
olm.init();
olm.Account();
} catch (_) {
olmEnabled = false;
print('[LibOlm] Failed to load LibOlm: ' + _.toString());
}
print('[LibOlm] Enabled: $olmEnabled');
if (!olmEnabled) return;
Client client;
test('setupClient', () async {
client = await getClient();
});
test('basic things', () async {
expect(client.encryption.crossSigning.enabled, true);
});
test('selfSign', () async {
final key = client.userDeviceKeys[client.userID].masterKey;
key.setDirectVerified(false);
FakeMatrixApi.calledEndpoints.clear();
await client.encryption.crossSigning.selfSign(recoveryKey: SSSS_KEY);
expect(key.directVerified, true);
expect(
FakeMatrixApi.calledEndpoints
.containsKey('/client/r0/keys/signatures/upload'),
true);
expect(await client.encryption.crossSigning.isCached(), true);
});
test('signable', () async {
expect(
client.encryption.crossSigning
.signable([client.userDeviceKeys[client.userID].masterKey]),
true);
expect(
client.encryption.crossSigning.signable([
client.userDeviceKeys[client.userID].deviceKeys[client.deviceID]
]),
false);
expect(
client.encryption.crossSigning.signable(
[client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE']]),
true);
expect(
client.encryption.crossSigning.signable([
client.userDeviceKeys['@alice:example.com'].deviceKeys['JLAFKJWSCS']
]),
false);
});
test('sign', () async {
FakeMatrixApi.calledEndpoints.clear();
await client.encryption.crossSigning.sign([
client.userDeviceKeys[client.userID].masterKey,
client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'],
client.userDeviceKeys['@othertest:fakeServer.notExisting'].masterKey
]);
var body = json.decode(FakeMatrixApi
.calledEndpoints['/client/r0/keys/signatures/upload'].first);
expect(body['@test:fakeServer.notExisting'].containsKey('OTHERDEVICE'),
true);
expect(
body['@test:fakeServer.notExisting'].containsKey(
client.userDeviceKeys[client.userID].masterKey.publicKey),
true);
expect(
body['@othertest:fakeServer.notExisting'].containsKey(client
.userDeviceKeys['@othertest:fakeServer.notExisting']
.masterKey
.publicKey),
true);
});
test('dispose client', () async {
await client.dispose(closeDatabase: true);
});
});
}

View file

@ -50,11 +50,11 @@ void main() {
});
test('basic things', () async {
expect(client.encryption.ssss.defaultKeyId, '0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3');
expect(client.encryption.ssss.defaultKeyId,
'0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3');
});
test('encrypt / decrypt', () {
final signing = olm.PkSigning();
final key = Uint8List.fromList(SecureRandom(32).bytes);
final enc = SSSS.encryptAes('secret foxies', key, 'name');
@ -87,7 +87,10 @@ void main() {
await handle.store('best animal', 'foxies');
// alright, since we don't properly sync we will manually have to update
// account_data for this test
final content = FakeMatrixApi.calledEndpoints['/client/r0/user/%40test%3AfakeServer.notExisting/account_data/best+animal'].first;
final content = FakeMatrixApi
.calledEndpoints[
'/client/r0/user/%40test%3AfakeServer.notExisting/account_data/best+animal']
.first;
client.accountData['best animal'] = BasicEvent.fromJson({
'type': 'best animal',
'content': json.decode(content),
@ -96,23 +99,47 @@ void main() {
});
test('cache', () async {
final handle = client.encryption.ssss.open('m.cross_signing.self_signing');
final handle =
client.encryption.ssss.open('m.cross_signing.self_signing');
handle.unlock(recoveryKey: SSSS_KEY);
expect((await client.encryption.ssss.getCached('m.cross_signing.self_signing')) != null, false);
expect((await client.encryption.ssss.getCached('m.cross_signing.user_signing')) != null, false);
expect(
(await client.encryption.ssss
.getCached('m.cross_signing.self_signing')) !=
null,
false);
expect(
(await client.encryption.ssss
.getCached('m.cross_signing.user_signing')) !=
null,
false);
await handle.getStored('m.cross_signing.self_signing');
expect((await client.encryption.ssss.getCached('m.cross_signing.self_signing')) != null, true);
expect(
(await client.encryption.ssss
.getCached('m.cross_signing.self_signing')) !=
null,
true);
await handle.maybeCacheAll();
expect((await client.encryption.ssss.getCached('m.cross_signing.user_signing')) != null, true);
expect((await client.encryption.ssss.getCached('m.megolm_backup.v1')) != null, true);
expect(
(await client.encryption.ssss
.getCached('m.cross_signing.user_signing')) !=
null,
true);
expect(
(await client.encryption.ssss.getCached('m.megolm_backup.v1')) !=
null,
true);
});
test('make share requests', () async {
final key = client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
final key =
client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
key.setDirectVerified(true);
FakeMatrixApi.calledEndpoints.clear();
await client.encryption.ssss.request('some.type', [key]);
expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), true);
expect(
FakeMatrixApi.calledEndpoints.keys.any(
(k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
true);
});
test('answer to share requests', () async {
@ -128,7 +155,10 @@ void main() {
);
FakeMatrixApi.calledEndpoints.clear();
await client.encryption.ssss.handleToDeviceEvent(event);
expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), true);
expect(
FakeMatrixApi.calledEndpoints.keys.any(
(k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
true);
// now test some fail scenarios
@ -145,7 +175,10 @@ void main() {
);
FakeMatrixApi.calledEndpoints.clear();
await client.encryption.ssss.handleToDeviceEvent(event);
expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), false);
expect(
FakeMatrixApi.calledEndpoints.keys.any(
(k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
false);
// secret not cached
event = ToDeviceEvent(
@ -160,7 +193,10 @@ void main() {
);
FakeMatrixApi.calledEndpoints.clear();
await client.encryption.ssss.handleToDeviceEvent(event);
expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), false);
expect(
FakeMatrixApi.calledEndpoints.keys.any(
(k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
false);
// is a cancelation
event = ToDeviceEvent(
@ -175,10 +211,14 @@ void main() {
);
FakeMatrixApi.calledEndpoints.clear();
await client.encryption.ssss.handleToDeviceEvent(event);
expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), false);
expect(
FakeMatrixApi.calledEndpoints.keys.any(
(k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
false);
// device not verified
final key = client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
final key =
client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
key.setDirectVerified(false);
event = ToDeviceEvent(
sender: client.userID,
@ -192,13 +232,164 @@ void main() {
);
FakeMatrixApi.calledEndpoints.clear();
await client.encryption.ssss.handleToDeviceEvent(event);
expect(FakeMatrixApi.calledEndpoints.keys.any((k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')), false);
expect(
FakeMatrixApi.calledEndpoints.keys.any(
(k) => k.startsWith('/client/r0/sendToDevice/m.room.encrypted')),
false);
key.setDirectVerified(true);
});
// test('fail', () {
// expect(true, false);
// });
test('receive share requests', () async {
final key =
client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
key.setDirectVerified(true);
final handle =
client.encryption.ssss.open('m.cross_signing.self_signing');
handle.unlock(recoveryKey: SSSS_KEY);
await client.database.clearSSSSCache(client.id);
client.encryption.ssss.pendingShareRequests.clear();
await client.encryption.ssss.request('best animal', [key]);
var event = ToDeviceEvent(
sender: client.userID,
type: 'm.secret.send',
content: {
'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
'secret': 'foxies!',
},
encryptedContent: {
'sender_key': key.curve25519Key,
},
);
await client.encryption.ssss.handleToDeviceEvent(event);
expect(await client.encryption.ssss.getCached('best animal'), 'foxies!');
// test the different validators
for (final type in [
'm.cross_signing.self_signing',
'm.cross_signing.user_signing',
'm.megolm_backup.v1'
]) {
final secret = await handle.getStored(type);
await client.database.clearSSSSCache(client.id);
client.encryption.ssss.pendingShareRequests.clear();
await client.encryption.ssss.request(type, [key]);
event = ToDeviceEvent(
sender: client.userID,
type: 'm.secret.send',
content: {
'request_id':
client.encryption.ssss.pendingShareRequests.keys.first,
'secret': secret,
},
encryptedContent: {
'sender_key': key.curve25519Key,
},
);
await client.encryption.ssss.handleToDeviceEvent(event);
expect(await client.encryption.ssss.getCached(type), secret);
}
// test different fail scenarios
// not encrypted
await client.database.clearSSSSCache(client.id);
client.encryption.ssss.pendingShareRequests.clear();
await client.encryption.ssss.request('best animal', [key]);
event = ToDeviceEvent(
sender: client.userID,
type: 'm.secret.send',
content: {
'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
'secret': 'foxies!',
},
);
await client.encryption.ssss.handleToDeviceEvent(event);
expect(await client.encryption.ssss.getCached('best animal'), null);
// unknown request id
await client.database.clearSSSSCache(client.id);
client.encryption.ssss.pendingShareRequests.clear();
await client.encryption.ssss.request('best animal', [key]);
event = ToDeviceEvent(
sender: client.userID,
type: 'm.secret.send',
content: {
'request_id': 'invalid',
'secret': 'foxies!',
},
encryptedContent: {
'sender_key': key.curve25519Key,
},
);
await client.encryption.ssss.handleToDeviceEvent(event);
expect(await client.encryption.ssss.getCached('best animal'), null);
// not from a device we sent the request to
await client.database.clearSSSSCache(client.id);
client.encryption.ssss.pendingShareRequests.clear();
await client.encryption.ssss.request('best animal', [key]);
event = ToDeviceEvent(
sender: client.userID,
type: 'm.secret.send',
content: {
'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
'secret': 'foxies!',
},
encryptedContent: {
'sender_key': 'invalid',
},
);
await client.encryption.ssss.handleToDeviceEvent(event);
expect(await client.encryption.ssss.getCached('best animal'), null);
// secret not a string
await client.database.clearSSSSCache(client.id);
client.encryption.ssss.pendingShareRequests.clear();
await client.encryption.ssss.request('best animal', [key]);
event = ToDeviceEvent(
sender: client.userID,
type: 'm.secret.send',
content: {
'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
'secret': 42,
},
encryptedContent: {
'sender_key': key.curve25519Key,
},
);
await client.encryption.ssss.handleToDeviceEvent(event);
expect(await client.encryption.ssss.getCached('best animal'), null);
// validator doesn't check out
await client.database.clearSSSSCache(client.id);
client.encryption.ssss.pendingShareRequests.clear();
await client.encryption.ssss.request('m.megolm_backup.v1', [key]);
event = ToDeviceEvent(
sender: client.userID,
type: 'm.secret.send',
content: {
'request_id': client.encryption.ssss.pendingShareRequests.keys.first,
'secret': 'foxies!',
},
encryptedContent: {
'sender_key': key.curve25519Key,
},
);
await client.encryption.ssss.handleToDeviceEvent(event);
expect(
await client.encryption.ssss.getCached('m.megolm_backup.v1'), null);
});
test('request all', () async {
final key =
client.userDeviceKeys[client.userID].deviceKeys['OTHERDEVICE'];
key.setDirectVerified(true);
await client.database.clearSSSSCache(client.id);
client.encryption.ssss.pendingShareRequests.clear();
await client.encryption.ssss.maybeRequestAll([key]);
expect(client.encryption.ssss.pendingShareRequests.length, 3);
});
test('dispose client', () async {
await client.dispose(closeDatabase: true);

View file

@ -539,7 +539,8 @@ class FakeMatrixApi extends MockClient {
'encrypted': {
'0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3': {
'iv': 'eIb2IITxtmcq+1TrT8D5eQ==',
'ciphertext': 'lWRTPo5qxf4LAVwVPzGHOyMcP181n7bb9/B0lvkLDC2Oy4DvAL0eLx2x3bY=',
'ciphertext':
'lWRTPo5qxf4LAVwVPzGHOyMcP181n7bb9/B0lvkLDC2Oy4DvAL0eLx2x3bY=',
'mac': 'Ynx89tIxPkx0o6ljMgxszww17JOgB4tg4etmNnMC9XI='
}
}
@ -551,7 +552,8 @@ class FakeMatrixApi extends MockClient {
'encrypted': {
'0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3': {
'iv': 'YqU2XIjYulYZl+bkZtGgVw==',
'ciphertext': 'kM2TSoy/jR/4d357ZoRPbpPypxQl6XRLo3FsEXz+f7vIOp82GeRp28RYb3k=',
'ciphertext':
'kM2TSoy/jR/4d357ZoRPbpPypxQl6XRLo3FsEXz+f7vIOp82GeRp28RYb3k=',
'mac': 'F+DZa5tAFmWsYSryw5EuEpzTmmABRab4GETkM85bGGo='
}
}
@ -563,7 +565,8 @@ class FakeMatrixApi extends MockClient {
'encrypted': {
'0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3': {
'iv': 'D7AM3LXFu7ZlyGOkR+OeqQ==',
'ciphertext': 'bYA2+OMgsO6QB1E31aY+ESAWrT0fUBTXqajy4qmL7bVDSZY4Uj64EXNbHuA=',
'ciphertext':
'bYA2+OMgsO6QB1E31aY+ESAWrT0fUBTXqajy4qmL7bVDSZY4Uj64EXNbHuA=',
'mac': 'j2UtyPo/UBSoiaQCWfzCiRZXp3IRt0ZZujuXgUMjnw4='
}
}
@ -575,7 +578,8 @@ class FakeMatrixApi extends MockClient {
'encrypted': {
'0FajDWYaM6wQ4O60OZnLvwZfsBNu4Bu3': {
'iv': 'cL/0MJZaiEd3fNU+I9oJrw==',
'ciphertext': 'WL73Pzdk5wZdaaSpaeRH0uZYKcxkuV8IS6Qa2FEfA1+vMeRLuHcWlXbMX0w=',
'ciphertext':
'WL73Pzdk5wZdaaSpaeRH0uZYKcxkuV8IS6Qa2FEfA1+vMeRLuHcWlXbMX0w=',
'mac': '+xozp909S6oDX8KRV8D8ZFVRyh7eEYQpPP76f+DOsnw='
}
}
@ -1528,7 +1532,9 @@ class FakeMatrixApi extends MockClient {
},
'/client/unstable/room_keys/version': (var req) => {
'algorithm': 'm.megolm_backup.v1.curve25519-aes-sha2',
'auth_data': {'public_key': 'GXYaxqhNhUK28zUdxOmEsFRguz+PzBsDlTLlF0O0RkM'},
'auth_data': {
'public_key': 'GXYaxqhNhUK28zUdxOmEsFRguz+PzBsDlTLlF0O0RkM'
},
'count': 0,
'etag': '0',
'version': '5',
@ -1782,7 +1788,16 @@ class FakeMatrixApi extends MockClient {
'user_id': '@test:fakeServer.notExisting',
'usage': ['master'],
'keys': {
'ed25519:82mAXjsmbTbrE6zyShpR869jnrANO75H8nYY0nDLoJ8': '82mAXjsmbTbrE6zyShpR869jnrANO75H8nYY0nDLoJ8',
'ed25519:82mAXjsmbTbrE6zyShpR869jnrANO75H8nYY0nDLoJ8':
'82mAXjsmbTbrE6zyShpR869jnrANO75H8nYY0nDLoJ8',
},
'signatures': {},
},
'@othertest:fakeServer.notExisting': {
'user_id': '@othertest:fakeServer.notExisting',
'usage': ['master'],
'keys': {
'ed25519:master': 'master',
},
'signatures': {},
},
@ -1792,7 +1807,16 @@ class FakeMatrixApi extends MockClient {
'user_id': '@test:fakeServer.notExisting',
'usage': ['self_signing'],
'keys': {
'ed25519:F9ypFzgbISXCzxQhhSnXMkc1vq12Luna3Nw5rqViOJY': 'F9ypFzgbISXCzxQhhSnXMkc1vq12Luna3Nw5rqViOJY',
'ed25519:F9ypFzgbISXCzxQhhSnXMkc1vq12Luna3Nw5rqViOJY':
'F9ypFzgbISXCzxQhhSnXMkc1vq12Luna3Nw5rqViOJY',
},
'signatures': {},
},
'@othertest:fakeServer.notExisting': {
'user_id': '@othertest:fakeServer.notExisting',
'usage': ['self_signing'],
'keys': {
'ed25519:self_signing': 'self_signing',
},
'signatures': {},
},
@ -1802,7 +1826,16 @@ class FakeMatrixApi extends MockClient {
'user_id': '@test:fakeServer.notExisting',
'usage': ['user_signing'],
'keys': {
'ed25519:0PiwulzJ/RU86LlzSSZ8St80HUMN3dqjKa/orIJoA0g': '0PiwulzJ/RU86LlzSSZ8St80HUMN3dqjKa/orIJoA0g',
'ed25519:0PiwulzJ/RU86LlzSSZ8St80HUMN3dqjKa/orIJoA0g':
'0PiwulzJ/RU86LlzSSZ8St80HUMN3dqjKa/orIJoA0g',
},
'signatures': {},
},
'@othertest:fakeServer.notExisting': {
'user_id': '@othertest:fakeServer.notExisting',
'usage': ['user_signing'],
'keys': {
'ed25519:user_signing': 'user_signing',
},
'signatures': {},
},
@ -1854,6 +1887,7 @@ class FakeMatrixApi extends MockClient {
'/client/r0/rooms/!localpart%3Aserver.abc/ban': (var reqI) => {},
'/client/r0/rooms/!localpart%3Aserver.abc/unban': (var reqI) => {},
'/client/r0/rooms/!localpart%3Aserver.abc/invite': (var reqI) => {},
'/client/r0/keys/signatures/upload': (var reqI) => {'failures': {}},
},
'PUT': {
'/client/r0/presence/${Uri.encodeComponent('@alice:example.com')}/status':