~bigbes/shroud

shroud/internal/awgserver/keygen_test.go -rw-r--r-- 1.5 KiB
32187908 — Eugene Blikh refactor: rename Go module to go.bigb.es/shroud a month ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

package awgserver

import (
	"encoding/base64"
	"testing"
)

func TestGeneratePrivateKey(t *testing.T) {
	key, err := GeneratePrivateKey()
	if err != nil {
		t.Fatalf("GeneratePrivateKey() error: %v", err)
	}
	raw, err := base64.StdEncoding.DecodeString(key)
	if err != nil {
		t.Fatalf("invalid base64: %v", err)
	}
	if len(raw) != 32 {
		t.Fatalf("key length = %d, want 32", len(raw))
	}
	// Check WireGuard clamping.
	if raw[0]&7 != 0 {
		t.Errorf("bits 0-2 of byte 0 should be cleared")
	}
	if raw[31]&128 != 0 {
		t.Errorf("bit 7 of byte 31 should be cleared")
	}
	if raw[31]&64 == 0 {
		t.Errorf("bit 6 of byte 31 should be set")
	}
}

func TestPublicKeyFromPrivate(t *testing.T) {
	priv, err := GeneratePrivateKey()
	if err != nil {
		t.Fatalf("GeneratePrivateKey() error: %v", err)
	}
	pub, err := PublicKeyFromPrivate(priv)
	if err != nil {
		t.Fatalf("PublicKeyFromPrivate() error: %v", err)
	}
	raw, err := base64.StdEncoding.DecodeString(pub)
	if err != nil {
		t.Fatalf("invalid base64: %v", err)
	}
	if len(raw) != 32 {
		t.Fatalf("public key length = %d, want 32", len(raw))
	}
	// Derive again — should be deterministic.
	pub2, err := PublicKeyFromPrivate(priv)
	if err != nil {
		t.Fatalf("PublicKeyFromPrivate() second call error: %v", err)
	}
	if pub != pub2 {
		t.Errorf("public key derivation not deterministic")
	}
}

func TestGeneratePrivateKey_Uniqueness(t *testing.T) {
	k1, _ := GeneratePrivateKey()
	k2, _ := GeneratePrivateKey()
	if k1 == k2 {
		t.Errorf("two generated keys should not be equal")
	}
}