diff --git a/core/crypto/enclave/enclave.go b/core/crypto/enclave/enclave.go index 845ca8f0fe..cf9037be5e 100644 --- a/core/crypto/enclave/enclave.go +++ b/core/crypto/enclave/enclave.go @@ -4,7 +4,7 @@ import ( "fmt" "strings" - "github.com/berty/berty/core/crypto/keypair" + "berty.tech/core/crypto/keypair" "github.com/pkg/errors" ) diff --git a/core/crypto/enclave/enclave_test.go b/core/crypto/enclave/enclave_test.go index 62dc68f813..4507c337f3 100644 --- a/core/crypto/enclave/enclave_test.go +++ b/core/crypto/enclave/enclave_test.go @@ -4,10 +4,10 @@ import ( "runtime" "testing" - "github.com/berty/berty/core/crypto/keypair" - "github.com/berty/berty/core/crypto/public" - "github.com/berty/berty/core/crypto/sigchain" - "github.com/berty/berty/core/test" + "berty.tech/core/crypto/keypair" + "berty.tech/core/crypto/public" + "berty.tech/core/crypto/sigchain" + "berty.tech/core/test" . "github.com/smartystreets/goconvey/convey" ) @@ -28,7 +28,6 @@ func TestEnclave(t *testing.T) { So(err, ShouldNotBeNil) return default: - So(true, ShouldBeFalse) // configure the switch for new runtimes return } @@ -47,7 +46,6 @@ func TestEnclave(t *testing.T) { So(err, ShouldNotBeNil) // Need to build Berty.app first then codesign it to use Secure Enclave return default: - So(true, ShouldBeFalse) // configure the switch for new runtimes return } @@ -116,252 +114,4 @@ func TestEnclave(t *testing.T) { }) }) }) - - /* - var ( - plainText = []byte("plainText") - key1, key2, key3 string - err error - ) - - Convey("Initialize keypairs", func() { - key1, err = NewKeyPair(KeyOpts{ - ID: "42", - Type: RSA2048, - Store: Software, - }) - So(err, ShouldBeNil) - key2, err = NewKeyPair(KeyOpts{ - ID: "42", - IDFallback: true, - Type: RSA2048, - Store: Software, - }) - So(err, ShouldBeNil) - }) - - Convey("Key generation should succeed if ID requested already exists and fallback is allowed", func() { - So(err, ShouldBeNil) - So(key1, ShouldNotEqual, key2) - }) - - Convey("Key generation should fail if ID requested already exists and fallback is disallowed", func() { - _, err = NewKeyPair(KeyOpts{ - ID: "42", - IDFallback: false, - Type: RSA2048, - Store: Software, - }) - So(err, ShouldNotBeNil) - }) - - Convey("Key generation should fail if key type/store is not specified in KeyOpts parameter", func() { - key3, err = NewKeyPair(KeyOpts{ - Store: Software, - }) - So(err, ShouldNotBeNil) - - key3, err = NewKeyPair(KeyOpts{ - Type: RSA2048, - }) - So(err, ShouldNotBeNil) - }) - - Convey("Key generation should succeed if software ECC-256 key type is requested (not implemented yet) and fallback is allowed", func() { - _, err = NewKeyPair(KeyOpts{ - Type: ECC256, - TypeFallback: true, - Store: Software, - }) - So(err, ShouldBeNil) - }) - - Convey("Key generation should fail if ECC-256 key type is requested (not implemented yet) and fallback is disallowed", func() { - _, err = NewKeyPair(KeyOpts{ - Type: ECC256, - Store: Software, - }) - - So(err, ShouldNotBeNil) - }) - - if runtime.GOOS == "darwin" { - Convey("Key generation should succeed if enclave key store is requested and platform is compatible", func() { - key3, err = NewKeyPair(KeyOpts{ - Type: ECC256, - Store: Enclave, - }) - _ = key3 - - So(err, ShouldBeNil) - }) - } else { - Convey("Key generation should succeed if enclave key store is requested but not available and fallback is allowed", func() { - key3, err = NewKeyPair(KeyOpts{ - Type: RSA2048, - Store: Enclave, - StoreFallback: true, - }) - _ = key3 - - So(err, ShouldBeNil) - }) - - Convey("Key generation should fail if enclave key store is requested but not available and fallback is disallowed", func() { - key3, err = NewKeyPair(KeyOpts{ - Type: RSA2048, - Store: Enclave, - }) - _ = key3 - - So(err, ShouldNotBeNil) - }) - } - }) - - Convey("Key pair management tests", t, func() { - - Convey("Key pair deletion should succeed if keyID exists in keys map", func() { - key3, err = NewKeyPair(KeyOpts{ - Type: RSA2048, - Store: Software, - }) - _ = key3 - - err = RemoveFromKeyPairsMap(key3) - So(err, ShouldBeNil) - }) - - if runtime.GOOS == "darwin" { - Convey("Key pair deletion should succeed if keyID exists in keys map and in keychain (darwin)", func() { - key3, err = NewKeyPair(KeyOpts{ - Type: RSA2048, - Store: Enclave, - }) - _ = key3 - - err = RemoveFromKeyPairsMap(key3) - So(err, ShouldBeNil) - }) - } - - Convey("Key pair deletion should fail if keyID doesn't exist in keys map", func() { - err = RemoveFromKeyPairsMap("unknow-id") - So(err, ShouldNotBeNil) - }) - - Convey("Key type/store getters should return the right value", func() { - var keyType KeyType = RSA2048 - var retType KeyType - var keyStore KeyStore = Software - var retStore KeyStore - key3, err = NewKeyPair(KeyOpts{ - Type: keyType, - Store: keyStore, - }) - _ = err - - retType, err = WhichKeyType(key3) - retStore, err = WhichKeyStore(key3) - So(keyType, ShouldEqual, retType) - So(keyStore, ShouldEqual, retStore) - }) - - Convey("Key type/store getter should fail with wrong keyID", func() { - _, err = WhichKeyType("unknown-id") - So(err, ShouldNotBeNil) - - _, err = WhichKeyStore("unknown-id") - So(err, ShouldNotBeNil) - }) - }) - - Convey("Encrypt/Decrypt tests", t, func() { - - cipherText1, err := Encrypt(key1, plainText) - So(err, ShouldBeNil) - cipherText2, err := Encrypt(key2, plainText) - So(err, ShouldBeNil) - - decryptedText1, err := Decrypt(key1, cipherText1) - So(err, ShouldBeNil) - decryptedText2, err := Decrypt(key2, cipherText2) - So(err, ShouldBeNil) - - Convey("Plain text and ciphertext should be different", func() { - So(string(plainText), ShouldNotEqual, string(cipherText1)) - So(string(plainText), ShouldNotEqual, string(cipherText2)) - }) - - Convey("Each ciphertext should be different", func() { - So(string(cipherText1), ShouldNotEqual, string(cipherText2)) - }) - - Convey("Decrypted text and plain text encrypted/decrypted with the same label should match", func() { - So(string(decryptedText1), ShouldEqual, string(plainText)) - So(string(decryptedText2), ShouldEqual, string(plainText)) - }) - - Convey("Encrypt/Decrypt function should fail with a wrong keyID", func() { - _, err = Encrypt("unknown-id", plainText) - So(err, ShouldNotBeNil) - - _, err = Decrypt("unknown-id", plainText) - So(err, ShouldNotBeNil) - }) - - if runtime.GOOS == "darwin" { - Convey("Decrypt with enclave should works as intended on Darwin", func() { - key3, err = NewKeyPair(KeyOpts{ - Type: RSA2048, - Store: Enclave, - }) - So(err, ShouldBeNil) - cipherText3, err := Encrypt(key3, plainText) - So(err, ShouldBeNil) - decryptedText3, err := Decrypt(key3, cipherText3) - So(err, ShouldBeNil) - - So(string(cipherText3), ShouldNotEqual, string(decryptedText3)) - So(string(decryptedText3), ShouldEqual, string(plainText)) - }) - } - }) - - Convey("Sign/Verify tests", t, func() { - signature1, err := Sign(key1, plainText) - So(err, ShouldBeNil) - signature2, err := Sign(key2, plainText) - So(err, ShouldBeNil) - - Convey("Signed text with private key should be verified by corresponding public key", func() { - verified1, err := Verify(key1, plainText, signature1) - So(err, ShouldBeNil) - verified2, err := Verify(key2, plainText, signature2) - So(err, ShouldBeNil) - So(verified1, ShouldBeTrue) - So(verified2, ShouldBeTrue) - }) - - Convey("Signed text with private key should not be verified by not corresponding public key", func() { - verified1, err := Verify(key1, plainText, signature2) - So(err, ShouldNotBeNil) - verified2, err := Verify(key2, plainText, signature1) - So(err, ShouldNotBeNil) - So(verified1, ShouldBeFalse) - So(verified2, ShouldBeFalse) - }) - }) - - Convey("Key pair persistency tests", t, func() { - Convey("TODO: Check if key pairs are restored correctly", FailureHalts, nil) - Convey("TODO: Check if key pairs are saved correctly", FailureHalts, nil) - }) - - Convey("Benchmark comparison between algorithm and software/hardware", t, func() { - // Check https://golang.org/pkg/testing/#hdr-Benchmarks - Convey("TODO: Check performance difference between ECC and RSA", FailureHalts, nil) - Convey("TODO: Check performance difference software and hardware", FailureHalts, nil) - }) - */ } diff --git a/core/crypto/enclave/id_cache.go b/core/crypto/enclave/id_cache.go index 9403617e44..7cadc1e5db 100644 --- a/core/crypto/enclave/id_cache.go +++ b/core/crypto/enclave/id_cache.go @@ -47,7 +47,7 @@ func reserveID(keyStore string) (string, error) { } cacheReservedID[keyID] = keyStore - zap.L().Debug("ID has been reserved and added to cache map", zap.String("id", keyID)) + logger().Debug("ID has been reserved and added to cache map", zap.String("id", keyID)) return keyID, nil } @@ -60,7 +60,7 @@ func freeID(keyID string) error { } delete(cacheReservedID, keyID) - zap.L().Debug("reserved keyID id has been removed from the cache", zap.String("id", keyID)) + logger().Debug("reserved keyID id has been removed from the cache", zap.String("id", keyID)) return nil } diff --git a/core/crypto/enclave/os_android.go b/core/crypto/enclave/os_android.go index 36393a2937..cce679ae27 100644 --- a/core/crypto/enclave/os_android.go +++ b/core/crypto/enclave/os_android.go @@ -3,9 +3,7 @@ package enclave import ( - "errors" - - "go.uber.org/zap" + "github.com/pkg/errors" ) // Generates RSA enclave key pair using platform specific API @@ -30,7 +28,7 @@ func signUsingEnclave(keyID string, plaintext []byte, algo KeyAlgo) ([]byte, err // Loads all reserved IDs from platform specific key store func buildCacheFromPlatformKeyStore() { - zap.L().Debug("buildCacheFromPlatformKeyStore not implemented yet") + logger().Debug("buildCacheFromPlatformKeyStore not implemented yet") } // Loads key pair from platform specific key store @@ -41,13 +39,12 @@ func loadFromPlatformKeyStore(keyID string, keyAlgo KeyAlgo) (Keypair, error) { return &RSAHardwareEnclave{id: keyID}, nil } return nil, errors.New("can't retrieve this key pair from Android key store") - } else { - _, err := getECCPubKeyPKIXFromPlatformKeyStore(keyID) - if err == nil { - return &ECCHardwareEnclave{id: keyID}, nil - } - return nil, errors.New("can't retrieve this key pair from Android key store") } + _, err := getECCPubKeyPKIXFromPlatformKeyStore(keyID) + if err == nil { + return &ECCHardwareEnclave{id: keyID}, nil + } + return nil, errors.New("can't retrieve this key pair from Android key store") } // Retrieves RSA public key PKIX representation from generic key store diff --git a/core/crypto/enclave/os_darwin.go b/core/crypto/enclave/os_darwin.go index e213cd5985..eb90d22cfb 100644 --- a/core/crypto/enclave/os_darwin.go +++ b/core/crypto/enclave/os_darwin.go @@ -20,8 +20,6 @@ import ( "unsafe" "github.com/pkg/errors" - - "go.uber.org/zap" ) // Converts NSData* from objective-c to golang []byte @@ -64,7 +62,7 @@ func generateEnclaveKeypairECC(size uint16) (*ECCHardwareEnclave, error) { // Try to generate a key pair within the enclave if C.generateKeyPairWithinEnclave(cString) == C.bool(true) { - zap.L().Debug("key pair generation within the Darwin Secure Enclave succeeded") + logger().Debug("key pair generation within the Darwin Secure Enclave succeeded") return &ECCHardwareEnclave{id: keyID}, nil } @@ -119,7 +117,7 @@ func signUsingEnclave(keyID string, plaintext []byte, algo KeyAlgo) ([]byte, err // Loads all reserved IDs from platform specific key store func buildCacheFromPlatformKeyStore() { - zap.L().Debug("buildCacheFromPlatformKeyStore not implemented yet") + logger().Debug("buildCacheFromPlatformKeyStore not implemented yet") } // Retrieves RSA public key PKIX representation from generic key store diff --git a/core/crypto/enclave/os_linux.go b/core/crypto/enclave/os_linux.go index deb2f4afda..8752c3e1af 100644 --- a/core/crypto/enclave/os_linux.go +++ b/core/crypto/enclave/os_linux.go @@ -3,9 +3,7 @@ package enclave import ( - "errors" - - "go.uber.org/zap" + "github.com/pkg/errors" ) // Generates RSA enclave key pair using platform specific API @@ -30,7 +28,7 @@ func signUsingEnclave(keyID string, plaintext []byte, algo KeyAlgo) ([]byte, err // Loads all reserved IDs from platform specific key store func buildCacheFromPlatformKeyStore() { - zap.L().Debug("buildCacheFromPlatformKeyStore not implemented yet") + logger().Debug("buildCacheFromPlatformKeyStore not implemented yet") } // Loads key pair from platform specific key store @@ -41,13 +39,12 @@ func loadFromPlatformKeyStore(keyID string, keyAlgo KeyAlgo) (Keypair, error) { return &RSAHardwareEnclave{id: keyID}, nil } return nil, errors.New("can't retrieve this key pair from Linux key store") - } else { - _, err := getECCPubKeyPKIXFromPlatformKeyStore(keyID) - if err == nil { - return &ECCHardwareEnclave{id: keyID}, nil - } - return nil, errors.New("can't retrieve this key pair from Linux key store") } + _, err := getECCPubKeyPKIXFromPlatformKeyStore(keyID) + if err == nil { + return &ECCHardwareEnclave{id: keyID}, nil + } + return nil, errors.New("can't retrieve this key pair from Linux key store") } // Retrieves RSA public key PKIX representation from generic key store diff --git a/core/crypto/enclave/os_others.go b/core/crypto/enclave/os_others.go index 251ca729b3..ae35c77e92 100644 --- a/core/crypto/enclave/os_others.go +++ b/core/crypto/enclave/os_others.go @@ -3,9 +3,7 @@ package enclave import ( - "errors" - - "go.uber.org/zap" + "github.com/pkg/errors" ) // Generates RSA enclave key pair using platform specific API @@ -30,7 +28,7 @@ func signUsingEnclave(keyID string, plaintext []byte, algo KeyAlgo) ([]byte, err // Loads all reserved IDs from platform specific key store func buildCacheFromPlatformKeyStore() { - zap.L().Debug("buildCacheFromPlatformKeyStore not implemented yet") + logger().Debug("buildCacheFromPlatformKeyStore not implemented yet") } // Loads key pair from platform specific key store @@ -41,13 +39,12 @@ func loadFromPlatformKeyStore(keyID string, keyAlgo KeyAlgo) (Keypair, error) { return &RSAHardwareEnclave{id: keyID}, nil } return nil, errors.New("can't retrieve this key pair from this platform key store") - } else { - _, err := getECCPubKeyPKIXFromPlatformKeyStore(keyID) - if err == nil { - return &ECCHardwareEnclave{id: keyID}, nil - } - return nil, errors.New("can't retrieve this key pair from this platform key store") } + _, err := getECCPubKeyPKIXFromPlatformKeyStore(keyID) + if err == nil { + return &ECCHardwareEnclave{id: keyID}, nil + } + return nil, errors.New("can't retrieve this key pair from this platform key store") } // Retrieves RSA public key PKIX representation from generic key store diff --git a/core/crypto/enclave/os_windows.go b/core/crypto/enclave/os_windows.go index 970767d395..1f8dddec48 100644 --- a/core/crypto/enclave/os_windows.go +++ b/core/crypto/enclave/os_windows.go @@ -3,9 +3,7 @@ package enclave import ( - "errors" - - "go.uber.org/zap" + "github.com/pkg/errors" ) // Generates RSA enclave key pair using platform specific API @@ -30,7 +28,7 @@ func signUsingEnclave(keyID string, plaintext []byte, algo KeyAlgo) ([]byte, err // Loads all reserved IDs from platform specific key store func buildCacheFromPlatformKeyStore() { - zap.L().Debug("buildCacheFromPlatformKeyStore not implemented yet") + logger().Debug("buildCacheFromPlatformKeyStore not implemented yet") } // Loads key pair from platform specific key store @@ -41,13 +39,12 @@ func loadFromPlatformKeyStore(keyID string, keyAlgo KeyAlgo) (Keypair, error) { return &RSAHardwareEnclave{id: keyID}, nil } return nil, errors.New("can't retrieve this key pair from Windows key store") - } else { - _, err := getECCPubKeyPKIXFromPlatformKeyStore(keyID) - if err == nil { - return &ECCHardwareEnclave{id: keyID}, nil - } - return nil, errors.New("can't retrieve this key pair from Windows key store") } + _, err := getECCPubKeyPKIXFromPlatformKeyStore(keyID) + if err == nil { + return &ECCHardwareEnclave{id: keyID}, nil + } + return nil, errors.New("can't retrieve this key pair from Windows key store") } // Retrieves RSA public key PKIX representation from generic key store diff --git a/core/crypto/enclave/software.go b/core/crypto/enclave/software.go index 9a08cd870e..d896e8263d 100644 --- a/core/crypto/enclave/software.go +++ b/core/crypto/enclave/software.go @@ -9,7 +9,6 @@ import ( "fmt" "github.com/pkg/errors" - "go.uber.org/zap" ) func generateSoftwareKeypairRSA(size uint16) (*RSASoftwareEnclave, error) { @@ -18,7 +17,7 @@ func generateSoftwareKeypairRSA(size uint16) (*RSASoftwareEnclave, error) { if err != nil { return nil, errors.Wrap(err, "key pair generation failed") } - zap.L().Debug(fmt.Sprintf("software RSA-%d key pair generated successfully", size)) + logger().Debug(fmt.Sprintf("software RSA-%d key pair generated successfully", size)) _, err = x509.MarshalPKIXPublicKey(&keyPairRSA.PublicKey) if err != nil { diff --git a/core/crypto/public/verify.go b/core/crypto/public/verify.go index 72366e8054..2b3404925d 100644 --- a/core/crypto/public/verify.go +++ b/core/crypto/public/verify.go @@ -11,7 +11,7 @@ import ( func Verify(plaintext []byte, signature []byte, pubKeyBytes []byte) error { err := verifyUsingHardware(plaintext, signature, pubKeyBytes) - if err == errors.Wrap(ErrNotImplemented, "hardware verification on this platform") { + if errors.Cause(err) == ErrNotImplemented { err = verifyUsingSoftware(plaintext, signature, pubKeyBytes) }