840418c33e
Ambiguous constructor name required reading the return type to know what it builds. NewPacketBuilder is self-documenting without context. Co-Authored-By: Charon <charon@lethean.io>
94 lines
3 KiB
Go
94 lines
3 KiB
Go
package ueps
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"testing"
|
|
)
|
|
|
|
// builder := NewPacketBuilder(0x01, []byte("hello")); frame, _ := builder.MarshalAndSign(secret)
|
|
// packet, err := ReadAndVerify(bufio.NewReader(bytes.NewReader(frame)), secret)
|
|
// // packet.Header.IntentID == 0x01; packet.Payload == []byte("hello")
|
|
func TestReader_ReadAndVerify_Good(t *testing.T) {
|
|
sharedSecret := []byte("test-shared-secret")
|
|
payload := []byte("hello world")
|
|
intentID := uint8(0x01)
|
|
|
|
builder := NewPacketBuilder(intentID, payload)
|
|
frame, err := builder.MarshalAndSign(sharedSecret)
|
|
if err != nil {
|
|
t.Fatalf("MarshalAndSign failed: %v", err)
|
|
}
|
|
|
|
reader := bufio.NewReader(bytes.NewReader(frame))
|
|
packet, err := ReadAndVerify(reader, sharedSecret)
|
|
|
|
if err != nil {
|
|
t.Fatalf("ReadAndVerify failed: %v", err)
|
|
}
|
|
if packet == nil {
|
|
t.Fatal("ReadAndVerify returned nil packet")
|
|
}
|
|
if packet.Header.IntentID != intentID {
|
|
t.Errorf("expected IntentID 0x%02x, got 0x%02x", intentID, packet.Header.IntentID)
|
|
}
|
|
if packet.Header.Version != 0x09 {
|
|
t.Errorf("expected Version 0x09, got 0x%02x", packet.Header.Version)
|
|
}
|
|
if !bytes.Equal(packet.Payload, payload) {
|
|
t.Errorf("expected Payload %q, got %q", payload, packet.Payload)
|
|
}
|
|
}
|
|
|
|
// frame[len(frame)-1] ^= 0xFF // corrupt last byte
|
|
// packet, err := ReadAndVerify(bufio.NewReader(bytes.NewReader(frame)), secret)
|
|
// // err != nil; "integrity violation" in error message
|
|
func TestReader_ReadAndVerify_Bad(t *testing.T) {
|
|
sharedSecret := []byte("test-shared-secret")
|
|
|
|
builder := NewPacketBuilder(0x02, []byte("sensitive data"))
|
|
frame, err := builder.MarshalAndSign(sharedSecret)
|
|
if err != nil {
|
|
t.Fatalf("MarshalAndSign failed: %v", err)
|
|
}
|
|
|
|
// Corrupt the last byte of the payload
|
|
corrupted := make([]byte, len(frame))
|
|
copy(corrupted, frame)
|
|
corrupted[len(corrupted)-1] ^= 0xFF
|
|
|
|
reader := bufio.NewReader(bytes.NewReader(corrupted))
|
|
packet, err := ReadAndVerify(reader, sharedSecret)
|
|
|
|
if err == nil {
|
|
t.Fatal("expected error for corrupted frame, got nil")
|
|
}
|
|
if packet != nil {
|
|
t.Error("expected nil packet for corrupted frame")
|
|
}
|
|
}
|
|
|
|
// frameWithoutHMAC := []byte{TagVersion, 0x01, 0x09, TagPayload, 'x'}
|
|
// packet, err := ReadAndVerify(bufio.NewReader(bytes.NewReader(frameWithoutHMAC)), secret)
|
|
// // err == errMissingHMAC (no 0x06 HMAC tag present in stream)
|
|
func TestReader_ReadAndVerify_Ugly(t *testing.T) {
|
|
// Craft a minimal frame that contains valid TLVs but omits the HMAC tag (0x06).
|
|
// TagPayload (0xFF) terminates the header loop; errMissingHMAC must be returned.
|
|
frameWithoutHMAC := []byte{
|
|
TagVersion, 0x01, 0x09, // version TLV
|
|
TagPayload, 'x', // payload tag + data; no HMAC TLV precedes it
|
|
}
|
|
|
|
reader := bufio.NewReader(bytes.NewReader(frameWithoutHMAC))
|
|
packet, err := ReadAndVerify(reader, []byte("any-secret"))
|
|
|
|
if err == nil {
|
|
t.Fatal("expected errMissingHMAC for frame with no HMAC tag, got nil")
|
|
}
|
|
if err != errMissingHMAC {
|
|
t.Errorf("expected errMissingHMAC, got %v", err)
|
|
}
|
|
if packet != nil {
|
|
t.Error("expected nil packet when HMAC tag is absent")
|
|
}
|
|
}
|