summaryrefslogtreecommitdiffstats
path: root/cmd/nymdrop-reader/memguard_verify_test.go
diff options
context:
space:
mode:
authorGab Virebent <gabriel1@virebent.art>2026-07-12 19:48:39 +0200
committerGab Virebent <gabriel1@virebent.art>2026-07-12 19:48:39 +0200
commit41d3abd30cb30be8a8e95c8396da5bb84ab72881 (patch)
tree4061a284058c1ce60a423757b9370a329a96cfc1 /cmd/nymdrop-reader/memguard_verify_test.go
parentbec3734676faf3868ea225e0316e77ad5a7e4421 (diff)
downloadnymdrop-41d3abd30cb30be8a8e95c8396da5bb84ab72881.tar.gz
nymdrop-41d3abd30cb30be8a8e95c8396da5bb84ab72881.tar.xz
nymdrop-41d3abd30cb30be8a8e95c8396da5bb84ab72881.zip
Add Fyne GUI and portable --data-dir mode to nymdrop-reader
Extract reader logic (key management, embedded nym-client lifecycle, receive loop, decrypt, save) into internal/reader as a Hooks-driven package, shared by both the existing headless CLI and a new --gui mode built with Fyne. Add --data-dir to make a reader instance fully self-contained: privkey, inbox, and the embedded nym-client's own state (normally fixed to $HOME/.nym) all live under the given directory via a HOME override on the subprocess, enabling zero-trace USB operation. CLI default behavior is unchanged (same paths, same protocol) so the pietro deployment is unaffected.
Diffstat (limited to 'cmd/nymdrop-reader/memguard_verify_test.go')
-rw-r--r--cmd/nymdrop-reader/memguard_verify_test.go64
1 files changed, 0 insertions, 64 deletions
diff --git a/cmd/nymdrop-reader/memguard_verify_test.go b/cmd/nymdrop-reader/memguard_verify_test.go
deleted file mode 100644
index 7b240e6..0000000
--- a/cmd/nymdrop-reader/memguard_verify_test.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package main
-
-import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/ecdh"
- "crypto/rand"
- "crypto/sha256"
- "encoding/hex"
- "io"
- "testing"
-
- "golang.org/x/crypto/hkdf"
-)
-
-// Verifies the decryptMessage path still produces the correct plaintext after
-// wrapping the ECDH/HKDF secrets in memguard.LockedBuffer, using the exact
-// wire format the browser client (static/crypto.js) and relay produce.
-func TestDecryptMessageAfterMemguard(t *testing.T) {
- readerPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
- if err != nil {
- t.Fatal(err)
- }
- ephPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
- if err != nil {
- t.Fatal(err)
- }
-
- shared, err := ephPriv.ECDH(readerPriv.PublicKey())
- if err != nil {
- t.Fatal(err)
- }
- aesKey := make([]byte, 32)
- hkdfR := hkdf.New(sha256.New, shared, make([]byte, 32), []byte("nymdrop-v1"))
- if _, err := io.ReadFull(hkdfR, aesKey); err != nil {
- t.Fatal(err)
- }
- block, err := aes.NewCipher(aesKey)
- if err != nil {
- t.Fatal(err)
- }
- gcm, err := cipher.NewGCM(block)
- if err != nil {
- t.Fatal(err)
- }
- iv := make([]byte, 12)
- if _, err := rand.Read(iv); err != nil {
- t.Fatal(err)
- }
- want := "E2E memguard verification message"
- ciphertext := gcm.Seal(nil, iv, []byte(want), nil)
-
- packet := append(append(append([]byte{}, ephPriv.PublicKey().Bytes()...), iv...), ciphertext...)
- noncePrefix := hex.EncodeToString(make([]byte, 16)) + ":"
- raw := append([]byte(noncePrefix), packet...)
-
- got, err := decryptMessage(raw, readerPriv)
- if err != nil {
- t.Fatalf("decryptMessage: %v", err)
- }
- if got != want {
- t.Fatalf("plaintext mismatch: got %q want %q", got, want)
- }
-}