| 26 | |
| 27 | // check whether we can properly decrypt an encrypted audit log that is truncated at the tail |
| 28 | func TestDecrypt(t *testing.T) { |
| 29 | key, err := os.ReadFile("../enc/test-fixtures/enc-key") |
| 30 | require.NoError(t, err) |
| 31 | |
| 32 | // encrypted audit logs generated by TestGenerateAuditLogForTestDecrypt in testutil/audit.go |
| 33 | // we check this in because we want this test to be a unit test |
| 34 | filePath := "testfiles/zero_audit_0_1.log.enc" |
| 35 | copyPath := "testfiles/zero_audit_0_1.log.enc.copy" |
| 36 | decryptedPath := "testfiles/zero_audit_0_1.log" |
| 37 | |
| 38 | // during test we will truncate copy of file |
| 39 | copy(t, filePath, copyPath) |
| 40 | defer os.RemoveAll(copyPath) |
| 41 | |
| 42 | file, err := os.OpenFile(copyPath, os.O_RDWR, 0666) |
| 43 | require.NoError(t, err) |
| 44 | defer func() { |
| 45 | if err := file.Close(); err != nil { |
| 46 | t.Fatal("error closing file") |
| 47 | } |
| 48 | }() |
| 49 | |
| 50 | stat, err := os.Stat(copyPath) |
| 51 | require.NoError(t, err) |
| 52 | sz := stat.Size() // get size of audit log |
| 53 | |
| 54 | outfile, err := os.OpenFile(decryptedPath, |
| 55 | os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm) |
| 56 | require.NoError(t, err) |
| 57 | defer func() { |
| 58 | if err := outfile.Close(); err != nil { |
| 59 | t.Fatal(err) |
| 60 | } |
| 61 | }() |
| 62 | defer os.RemoveAll("testfiles/zero_audit_0_1.log") |
| 63 | block, err := aes.NewCipher(key) |
| 64 | require.NoError(t, err) |
| 65 | |
| 66 | zeroCmd := []string{"/removeNode", "/assign", "/moveTablet"} |
| 67 | |
| 68 | // size of audit log is 825 bytes |
| 69 | // keep truncating encrypted audit log file 5 bytes at a time |
| 70 | for i := 0; i <= int(sz); i = i + 5 { |
| 71 | switch { |
| 72 | case i == 0: |
| 73 | require.NoError(t, decrypt(file, outfile, block, sz)) |
| 74 | testaudit.VerifyLogs(t, decryptedPath, zeroCmd) |
| 75 | // clear output file |
| 76 | require.NoError(t, outfile.Truncate(0)) |
| 77 | _, err := outfile.Seek(0, 0) |
| 78 | require.NoError(t, err) |
| 79 | case 5 <= i && i <= 275: |
| 80 | require.NoError(t, file.Truncate(sz-int64(i))) |
| 81 | require.NoError(t, decrypt(file, outfile, block, sz)) |
| 82 | testaudit.VerifyLogs(t, decryptedPath, zeroCmd[0:1]) |
| 83 | require.NoError(t, outfile.Truncate(0)) |
| 84 | _, err := outfile.Seek(0, 0) |
| 85 | require.NoError(t, err) |