Add tests for unsigned encrypted messages

tari-project · Jan 22, 2023 · ef7544b · ef7544b
1 parent 5f7f04b
commit ef7544b
Showing 1 changed file with 115 additions and 0 deletions.
diff --git a/comms/dht/src/inbound/decryption.rs b/comms/dht/src/inbound/decryption.rs
@@ -790,4 +790,119 @@ mod test {
         mock_state.await_call_count(1).await;
         assert_eq!(mock_state.count_calls_containing("BanPeer").await, 1);
     }
+
+    #[runtime::test]
+    /// Ban a peer who sends an unsigned encrypted message for which we are the recipient
+    async fn decrypt_inbound_fail_missing_signature_encrypted_recipient() {
+        let (connectivity, mock) = create_connectivity_mock();
+        let mock_state = mock.spawn();
+        let result = Arc::new(Mutex::new(None));
+        let service = service_fn({
+            let result = result.clone();
+            move |msg: DecryptedDhtMessage| {
+                *result.lock().unwrap() = Some(msg);
+                future::ready(Result::<(), PipelineError>::Ok(()))
+            }
+        });
+        let node_identity = make_node_identity();
+        let mut service = DecryptionService::new(Default::default(), node_identity.clone(), connectivity, service);
+
+        let plain_text_msg = BytesMut::from(b"Secret message".as_slice());
+        let (e_secret_key, e_public_key) = make_keypair();
+        let shared_secret = CommsDHKE::new(&e_secret_key, node_identity.public_key());
+        let key_message = crypt::generate_key_message(&shared_secret);
+        let msg_tag = MessageTag::new();
+
+        let mut message = plain_text_msg.clone();
+        crypt::encrypt_message(&key_message, &mut message).unwrap();
+        let message = message.freeze();
+        let header = make_dht_header(
+            &node_identity,
+            &e_public_key,
+            &e_secret_key,
+            &message,
+            DhtMessageFlags::ENCRYPTED,
+            true,
+            msg_tag,
+            true,
+        )
+        .unwrap();
+        let envelope = DhtEnvelope::new(header.into(), message.into());
+        let msg_tag = MessageTag::new();
+        let mut inbound_msg = DhtInboundMessage::new(
+            msg_tag,
+            envelope.header.unwrap().try_into().unwrap(),
+            Arc::new(node_identity.to_peer()),
+            envelope.body,
+        );
+
+        // Replace the signature with nothing; this will get ya banned
+        inbound_msg.dht_header.message_signature = vec![];
+
+        let err = service.call(inbound_msg).await.unwrap_err();
+        let err = err.downcast::<DecryptionError>().unwrap();
+        unpack_enum!(DecryptionError::MessageSignatureNotProvidedForEncryptedMessage = err);
+        assert!(result.lock().unwrap().is_none());
+
+        mock_state.await_call_count(1).await;
+        assert_eq!(mock_state.count_calls_containing("BanPeer").await, 1);
+    }
+
+    #[runtime::test]
+    /// Ban a peer who sends an unsigned encrypted message for which we are not the recipient
+    async fn decrypt_inbound_fail_missing_signature_encrypted_not_recipient() {
+        let (connectivity, mock) = create_connectivity_mock();
+        let mock_state = mock.spawn();
+        let result = Arc::new(Mutex::new(None));
+        let service = service_fn({
+            let result = result.clone();
+            move |msg: DecryptedDhtMessage| {
+                *result.lock().unwrap() = Some(msg);
+                future::ready(Result::<(), PipelineError>::Ok(()))
+            }
+        });
+        let node_identity = make_node_identity();
+        let recipient_identity = make_node_identity();
+        let mut service = DecryptionService::new(Default::default(), node_identity.clone(), connectivity, service);
+
+        let plain_text_msg = BytesMut::from(b"Secret message".as_slice());
+        let (e_secret_key, e_public_key) = make_keypair();
+        let shared_secret = CommsDHKE::new(&e_secret_key, recipient_identity.public_key());
+        let key_message = crypt::generate_key_message(&shared_secret);
+        let msg_tag = MessageTag::new();
+
+        let mut message = plain_text_msg.clone();
+        crypt::encrypt_message(&key_message, &mut message).unwrap();
+        let message = message.freeze();
+        let header = make_dht_header(
+            &recipient_identity,
+            &e_public_key,
+            &e_secret_key,
+            &message,
+            DhtMessageFlags::ENCRYPTED,
+            true,
+            msg_tag,
+            true,
+        )
+        .unwrap();
+        let envelope = DhtEnvelope::new(header.into(), message.into());
+        let msg_tag = MessageTag::new();
+        let mut inbound_msg = DhtInboundMessage::new(
+            msg_tag,
+            envelope.header.unwrap().try_into().unwrap(),
+            Arc::new(node_identity.to_peer()),
+            envelope.body,
+        );
+
+        // Replace the signature with nothing; this will get ya banned
+        inbound_msg.dht_header.message_signature = vec![];
+
+        let err = service.call(inbound_msg).await.unwrap_err();
+        let err = err.downcast::<DecryptionError>().unwrap();
+        unpack_enum!(DecryptionError::MessageSignatureNotProvidedForEncryptedMessage = err);
+        assert!(result.lock().unwrap().is_none());
+
+        mock_state.await_call_count(1).await;
+        assert_eq!(mock_state.count_calls_containing("BanPeer").await, 1);
+    }
 }