diff options
| author | Gab Virebent <gabriel1@virebent.art> | 2026-07-12 19:48:39 +0200 |
|---|---|---|
| committer | Gab Virebent <gabriel1@virebent.art> | 2026-07-12 19:48:39 +0200 |
| commit | 41d3abd30cb30be8a8e95c8396da5bb84ab72881 (patch) | |
| tree | 4061a284058c1ce60a423757b9370a329a96cfc1 /internal/reader/reader_test.go | |
| parent | bec3734676faf3868ea225e0316e77ad5a7e4421 (diff) | |
| download | nymdrop-41d3abd30cb30be8a8e95c8396da5bb84ab72881.tar.gz nymdrop-41d3abd30cb30be8a8e95c8396da5bb84ab72881.tar.xz nymdrop-41d3abd30cb30be8a8e95c8396da5bb84ab72881.zip | |
Add Fyne GUI and portable --data-dir mode to nymdrop-reader
Extract reader logic (key management, embedded nym-client lifecycle,
receive loop, decrypt, save) into internal/reader as a Hooks-driven
package, shared by both the existing headless CLI and a new --gui mode
built with Fyne. Add --data-dir to make a reader instance fully
self-contained: privkey, inbox, and the embedded nym-client's own state
(normally fixed to $HOME/.nym) all live under the given directory via a
HOME override on the subprocess, enabling zero-trace USB operation.
CLI default behavior is unchanged (same paths, same protocol) so the
pietro deployment is unaffected.
Diffstat (limited to 'internal/reader/reader_test.go')
| -rw-r--r-- | internal/reader/reader_test.go | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/internal/reader/reader_test.go b/internal/reader/reader_test.go new file mode 100644 index 0000000..896f8c0 --- /dev/null +++ b/internal/reader/reader_test.go @@ -0,0 +1,64 @@ +package reader + +import ( + "crypto/aes" + "crypto/cipher" + "crypto/ecdh" + "crypto/rand" + "crypto/sha256" + "encoding/hex" + "io" + "testing" + + "golang.org/x/crypto/hkdf" +) + +// Verifies the decryptMessage path still produces the correct plaintext after +// wrapping the ECDH/HKDF secrets in memguard.LockedBuffer, using the exact +// wire format the browser client (static/crypto.js) and relay produce. +func TestDecryptMessageAfterMemguard(t *testing.T) { + readerPriv, err := ecdh.X25519().GenerateKey(rand.Reader) + if err != nil { + t.Fatal(err) + } + ephPriv, err := ecdh.X25519().GenerateKey(rand.Reader) + if err != nil { + t.Fatal(err) + } + + shared, err := ephPriv.ECDH(readerPriv.PublicKey()) + if err != nil { + t.Fatal(err) + } + aesKey := make([]byte, 32) + hkdfR := hkdf.New(sha256.New, shared, make([]byte, 32), []byte("nymdrop-v1")) + if _, err := io.ReadFull(hkdfR, aesKey); err != nil { + t.Fatal(err) + } + block, err := aes.NewCipher(aesKey) + if err != nil { + t.Fatal(err) + } + gcm, err := cipher.NewGCM(block) + if err != nil { + t.Fatal(err) + } + iv := make([]byte, 12) + if _, err := rand.Read(iv); err != nil { + t.Fatal(err) + } + want := "E2E memguard verification message" + ciphertext := gcm.Seal(nil, iv, []byte(want), nil) + + packet := append(append(append([]byte{}, ephPriv.PublicKey().Bytes()...), iv...), ciphertext...) + noncePrefix := hex.EncodeToString(make([]byte, 16)) + ":" + raw := append([]byte(noncePrefix), packet...) + + got, err := decryptMessage(raw, readerPriv) + if err != nil { + t.Fatalf("decryptMessage: %v", err) + } + if got != want { + t.Fatalf("plaintext mismatch: got %q want %q", got, want) + } +} |
