phase 1 foundations: api types, store, crypto, auth
Lands the bottom three layers of Phase 1: P1-08 internal/api: protocol_version + envelope + every WS message shape from spec.md §6.2 (Hello, Heartbeat, Job*, Schedule*, etc). Wire-format tests pin the JSON shape so a rename here breaks tests instead of silently breaking the agent. P1-02 + P1-03 internal/store: SQLite via modernc.org/sqlite, embed.FS + a tiny version table for hand-rolled migrations. 0001_initial.sql covers every table from spec.md §5 plus enrollment_tokens and host_schedule_version. Typed accessors for users / sessions / enrollment / audit. WAL + foreign_keys + busy_timeout on by default. P1-06 internal/crypto: XChaCha20-Poly1305 AEAD wrapper with per-message random nonce. Key file lifecycle (generate + refuse-to-overwrite, load with size validation). Optional additionalData binds ciphertext to the row that owns it. P1-04 internal/auth (partial — passwords + tokens; sessions middleware lands with the HTTP handlers): argon2id following RFC 9106 (64 MiB / t=3 / p=4 / 32B), constant-time verify. HashToken stores SHA-256 of session/agent/enrollment tokens so a stolen DB doesn't hand over credentials. Build floor moves to Go 1.25 (modernc.org/sqlite v1.50+ requires it); CI + Dockerfile + README updated. Markdown lint diagnostics on tasks.md cleared. All packages tested. ~70 new tests pass in <1s. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,110 @@
|
||||
package crypto
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/rand"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestRoundTrip(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
key := make([]byte, KeyLen)
|
||||
if _, err := rand.Read(key); err != nil {
|
||||
t.Fatalf("rand: %v", err)
|
||||
}
|
||||
a, err := NewAEAD(key)
|
||||
if err != nil {
|
||||
t.Fatalf("new: %v", err)
|
||||
}
|
||||
|
||||
plaintext := []byte("super-secret-restic-password")
|
||||
ad := []byte("repos/01HJ8K7/password")
|
||||
|
||||
ct, err := a.Encrypt(plaintext, ad)
|
||||
if err != nil {
|
||||
t.Fatalf("encrypt: %v", err)
|
||||
}
|
||||
if ct == "" {
|
||||
t.Fatal("ciphertext empty")
|
||||
}
|
||||
pt, err := a.Decrypt(ct, ad)
|
||||
if err != nil {
|
||||
t.Fatalf("decrypt: %v", err)
|
||||
}
|
||||
if !bytes.Equal(pt, plaintext) {
|
||||
t.Errorf("round-trip mismatch: got %q want %q", pt, plaintext)
|
||||
}
|
||||
}
|
||||
|
||||
func TestADMismatchFails(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
key := make([]byte, KeyLen)
|
||||
_, _ = rand.Read(key)
|
||||
a, _ := NewAEAD(key)
|
||||
|
||||
ct, _ := a.Encrypt([]byte("secret"), []byte("context-A"))
|
||||
if _, err := a.Decrypt(ct, []byte("context-B")); err == nil {
|
||||
t.Fatal("expected AD-mismatch failure, got nil")
|
||||
}
|
||||
}
|
||||
|
||||
func TestNonceUniqueness(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
key := make([]byte, KeyLen)
|
||||
_, _ = rand.Read(key)
|
||||
a, _ := NewAEAD(key)
|
||||
|
||||
// Same plaintext + AD must produce different ciphertexts because
|
||||
// we use a random nonce per call. If this ever fails the AEAD is
|
||||
// broken or someone made the nonce deterministic.
|
||||
ct1, _ := a.Encrypt([]byte("x"), nil)
|
||||
ct2, _ := a.Encrypt([]byte("x"), nil)
|
||||
if ct1 == ct2 {
|
||||
t.Fatal("two encryptions produced identical ciphertext — nonce reuse")
|
||||
}
|
||||
}
|
||||
|
||||
func TestKeyFileLifecycle(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
dir := t.TempDir()
|
||||
path := filepath.Join(dir, "secret.key")
|
||||
|
||||
if err := GenerateKeyFile(path); err != nil {
|
||||
t.Fatalf("generate: %v", err)
|
||||
}
|
||||
// Refusal-to-overwrite is the safety property — a re-run of the
|
||||
// server must not silently swap the key.
|
||||
if err := GenerateKeyFile(path); err == nil {
|
||||
t.Fatal("expected refusal to overwrite, got nil")
|
||||
}
|
||||
|
||||
key, err := LoadKeyFromFile(path)
|
||||
if err != nil {
|
||||
t.Fatalf("load: %v", err)
|
||||
}
|
||||
if len(key) != KeyLen {
|
||||
t.Errorf("key length: got %d want %d", len(key), KeyLen)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRejectShortKey(t *testing.T) {
|
||||
t.Parallel()
|
||||
if _, err := NewAEAD(make([]byte, KeyLen-1)); err == nil {
|
||||
t.Fatal("expected short-key rejection, got nil")
|
||||
}
|
||||
}
|
||||
|
||||
func TestRejectShortCiphertext(t *testing.T) {
|
||||
t.Parallel()
|
||||
key := make([]byte, KeyLen)
|
||||
_, _ = rand.Read(key)
|
||||
a, _ := NewAEAD(key)
|
||||
if _, err := a.Decrypt("AAAA", nil); err == nil {
|
||||
t.Fatal("expected short-ciphertext rejection, got nil")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user