You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

403 lines
19 KiB

// Copyright © 2022 Rangeproof Pty Ltd. All rights reserved.
import Foundation
import Sodium
import SessionUtilitiesKit
import Quick
import Nimble
@testable import SessionMessagingKit
class CryptoSMKSpec: QuickSpec {
// MARK: - Spec
override func spec() {
var crypto: Crypto!
var mockCrypto: MockCrypto!
var dependencies: Dependencies!
beforeEach {
crypto = Crypto()
mockCrypto = MockCrypto()
dependencies = Dependencies(crypto: crypto)
describe("Crypto for SessionMessagingKit") {
// MARK: - when extending Sign
context("when extending Sign") {
// MARK: -- can convert an ed25519 public key into an x25519 public key
it("can convert an ed25519 public key into an x25519 public key") {
let result = try? crypto.perform(.toX25519(ed25519PublicKey: TestConstants.edPublicKey.bytes))
// MARK: -- can convert an ed25519 private key into an x25519 private key
it("can convert an ed25519 private key into an x25519 private key") {
let result = try? crypto.perform(.toX25519(ed25519SecretKey: TestConstants.edSecretKey.bytes))
// MARK: - when extending Sodium
context("when extending Sodium") {
// MARK: -- and generating a blinding factor
context("and generating a blinding factor") {
// MARK: --- successfully generates a blinding factor
it("successfully generates a blinding factor") {
let result = try? crypto.perform(
serverPublicKey: TestConstants.serverPublicKey,
using: dependencies
// MARK: --- fails if the serverPublicKey is not a hex string
it("fails if the serverPublicKey is not a hex string") {
let result = try? crypto.perform(
serverPublicKey: "Test",
using: dependencies
// MARK: --- fails if it cannot hash the serverPublicKey bytes
it("fails if it cannot hash the serverPublicKey bytes") {
dependencies = Dependencies(crypto: mockCrypto)
.when { try $0.perform(.hash(message: anyArray(), outputLength: any())) }
let result = try? crypto.perform(
serverPublicKey: TestConstants.serverPublicKey,
using: dependencies
// MARK: -- and generating a blinded key pair
context("and generating a blinded key pair") {
// MARK: --- successfully generates a blinded key pair
it("successfully generates a blinded key pair") {
let result = crypto.generate(
serverPublicKey: TestConstants.serverPublicKey,
edKeyPair: KeyPair(
publicKey: Data(hex: TestConstants.edPublicKey).bytes,
secretKey: Data(hex: TestConstants.edSecretKey).bytes
using: dependencies
// Note: The first 64 characters of the secretKey are consistent but the chars after that always differ
expect(String(result?.secretKey.toHexString().prefix(64) ?? ""))
// MARK: --- fails if the edKeyPair public key length wrong
it("fails if the edKeyPair public key length wrong") {
let result = crypto.generate(
serverPublicKey: TestConstants.serverPublicKey,
edKeyPair: KeyPair(
publicKey: Data(hex: String(TestConstants.edPublicKey.prefix(4))).bytes,
secretKey: Data(hex: TestConstants.edSecretKey).bytes
using: dependencies
// MARK: --- fails if the edKeyPair secret key length wrong
it("fails if the edKeyPair secret key length wrong") {
let result = crypto.generate(
serverPublicKey: TestConstants.serverPublicKey,
edKeyPair: KeyPair(
publicKey: Data(hex: TestConstants.edPublicKey).bytes,
secretKey: Data(hex: String(TestConstants.edSecretKey.prefix(4))).bytes
using: dependencies
// MARK: --- fails if it cannot generate a blinding factor
it("fails if it cannot generate a blinding factor") {
let result = crypto.generate(
serverPublicKey: "Test",
edKeyPair: KeyPair(
publicKey: Data(hex: TestConstants.edPublicKey).bytes,
secretKey: Data(hex: TestConstants.edSecretKey).bytes
using: dependencies
// MARK: -- and generating a sogsSignature
context("and generating a sogsSignature") {
// MARK: --- generates a correct signature
it("generates a correct signature") {
let result = try? crypto.perform(
message: "TestMessage".bytes,
secretKey: Data(hex: TestConstants.edSecretKey).bytes,
blindedSecretKey: Data(hex: "44d82cc15c0a5056825cae7520b6b52d000a23eb0c5ed94c4be2d9dc41d2d409").bytes,
blindedPublicKey: Data(hex: "0bb7815abb6ba5142865895f3e5286c0527ba4d31dbb75c53ce95e91ffe025a2").bytes
"dcc086abdd2a740d9260b008fb37e12aa0ff47bd2bd9e177bbbec37fd46705a9" +
// MARK: -- and combining keys
context("and combining keys") {
// MARK: --- generates a correct combined key
it("generates a correct combined key") {
let result = try? crypto.perform(
lhsKeyBytes: Data(hex: TestConstants.edSecretKey).bytes,
rhsKeyBytes: Data(hex: TestConstants.edPublicKey).bytes
// MARK: -- and creating a shared blinded encryption key
context("and creating a shared blinded encryption key") {
// MARK: --- generates a correct combined key
it("generates a correct combined key") {
let result = try? crypto.perform(
secretKey: Data(hex: TestConstants.edSecretKey).bytes,
otherBlindedPublicKey: Data(hex: TestConstants.blindedPublicKey).bytes,
fromBlindedPublicKey: Data(hex: TestConstants.publicKey).bytes,
toBlindedPublicKey: Data(hex: TestConstants.blindedPublicKey).bytes,
using: dependencies
// MARK: --- fails if the scalar multiplication fails
it("fails if the scalar multiplication fails") {
let result = try? crypto.perform(
secretKey: Data(hex: TestConstants.edSecretKey).bytes,
otherBlindedPublicKey: Data(hex: TestConstants.publicKey).bytes,
fromBlindedPublicKey: Data(hex: TestConstants.edPublicKey).bytes,
toBlindedPublicKey: Data(hex: TestConstants.publicKey).bytes,
using: dependencies
// MARK: -- and checking if a session id matches a blinded id
context("and checking if a session id matches a blinded id") {
// MARK: --- returns true when they match
it("returns true when they match") {
let result = crypto.verify(
matchesBlindedId: "15\(TestConstants.blindedPublicKey)",
serverPublicKey: TestConstants.serverPublicKey,
using: dependencies
// MARK: --- returns false if given an invalid session id
it("returns false if given an invalid session id") {
let result = crypto.verify(
matchesBlindedId: "15\(TestConstants.blindedPublicKey)",
serverPublicKey: TestConstants.serverPublicKey,
using: dependencies
// MARK: --- returns false if given an invalid blinded id
it("returns false if given an invalid blinded id") {
let result = crypto.verify(
matchesBlindedId: "AB\(TestConstants.blindedPublicKey)",
serverPublicKey: TestConstants.serverPublicKey,
using: dependencies
// MARK: --- returns false if it fails to generate the blinding factor
it("returns false if it fails to generate the blinding factor") {
let result = crypto.verify(
matchesBlindedId: "15\(TestConstants.blindedPublicKey)",
serverPublicKey: "Test",
using: dependencies
// MARK: - when extending GenericHash
describe("when extending GenericHash") {
// MARK: -- and generating a hash with salt and personal values
context("and generating a hash with salt and personal values") {
// MARK: --- generates a hash correctly
it("generates a hash correctly") {
let result = try? crypto.perform(
message: "TestMessage".bytes,
outputLength: 32,
key: "Key".bytes,
salt: "Salt".bytes,
personal: "Personal".bytes
// MARK: --- generates a hash correctly with no key
it("generates a hash correctly with no key") {
let result = try? crypto.perform(
message: "TestMessage".bytes,
outputLength: 32,
key: nil,
salt: "Salt".bytes,
personal: "Personal".bytes
// MARK: --- fails if given invalid options
it("fails if given invalid options") {
let result = try? crypto.perform(
message: "TestMessage".bytes,
outputLength: 65, // Max of 64
key: "Key".bytes,
salt: "Salt".bytes,
personal: "Personal".bytes
// MARK: - when extending AeadXChaCha20Poly1305Ietf
context("when extending AeadXChaCha20Poly1305Ietf") {
// MARK: -- when encrypting
context("when encrypting") {
// MARK: --- encrypts correctly
it("encrypts correctly") {
let result = try? crypto.perform(
message: "TestMessage".bytes,
secretKey: Data(hex: TestConstants.publicKey).bytes,
nonce: "TestNonce".bytes,
additionalData: nil,
using: Dependencies()
// MARK: --- encrypts correctly with additional data
it("encrypts correctly with additional data") {
let result = try? crypto.perform(
message: "TestMessage".bytes,
secretKey: Data(hex: TestConstants.publicKey).bytes,
nonce: "TestNonce".bytes,
additionalData: "TestData".bytes,
using: Dependencies()
// MARK: --- fails if given an invalid key
it("fails if given an invalid key") {
let result = try? crypto.perform(
message: "TestMessage".bytes,
secretKey: "TestKey".bytes,
nonce: "TestNonce".bytes,
additionalData: "TestData".bytes,
using: Dependencies()