oragono/irc/cloaks/cloak_test.go

// Copyright (c) 2019 Shivaram Lingamneni
// released under the MIT license

package cloaks

import (
	"net"
	"reflect"
	"testing"
)

func assertEqual(supplied, expected interface{}, t *testing.T) {
	if !reflect.DeepEqual(supplied, expected) {
		t.Errorf("expected %v but got %v", expected, supplied)
	}
}

func easyParseIP(ipstr string) (result net.IP) {
	result = net.ParseIP(ipstr)
	if result == nil {
		panic(ipstr)
	}
	return
}

func cloakConfForTesting() CloakConfig {
	config := CloakConfig{
		Enabled:     true,
		Netname:     "oragono",
		secret:      "_BdVPWB5sray7McbFmeuJL996yaLgG4l9tEyficGXKg",
		CidrLenIPv4: 32,
		CidrLenIPv6: 64,
		NumBits:     80,
	}
	config.Initialize()
	return config
}

func TestCloakDeterminism(t *testing.T) {
	config := cloakConfForTesting()

	v4ip := easyParseIP("8.8.8.8").To4()
	assertEqual(config.ComputeCloak(v4ip), "d2z5guriqhzwazyr.oragono", t)
	// use of the 4-in-6 mapping should not affect the cloak
	v6mappedIP := v4ip.To16()
	assertEqual(config.ComputeCloak(v6mappedIP), "d2z5guriqhzwazyr.oragono", t)

	v6ip := easyParseIP("2001:0db8::1")
	assertEqual(config.ComputeCloak(v6ip), "w7ren6nxii6f3i3d.oragono", t)
	// same CIDR, so same cloak:
	v6ipsamecidr := easyParseIP("2001:0db8::2")
	assertEqual(config.ComputeCloak(v6ipsamecidr), "w7ren6nxii6f3i3d.oragono", t)
	v6ipdifferentcidr := easyParseIP("2001:0db9::1")
	// different CIDR, different cloak:
	assertEqual(config.ComputeCloak(v6ipdifferentcidr), "ccmptyrjwsxv4f4d.oragono", t)

	// cloak values must be sensitive to changes in the secret key
	config.SetSecret("HJcXK4lLawxBE4-9SIdPji_21YiL3N5r5f5-SPNrGVY")
	assertEqual(config.ComputeCloak(v4ip), "4khy3usk8mfu42pe.oragono", t)
	assertEqual(config.ComputeCloak(v6mappedIP), "4khy3usk8mfu42pe.oragono", t)
	assertEqual(config.ComputeCloak(v6ip), "mxpk3c83vdxkek9j.oragono", t)
	assertEqual(config.ComputeCloak(v6ipsamecidr), "mxpk3c83vdxkek9j.oragono", t)
}

func TestCloakShortv4Cidr(t *testing.T) {
	config := CloakConfig{
		Enabled:     true,
		Netname:     "oragono",
		secret:      "_BdVPWB5sray7McbFmeuJL996yaLgG4l9tEyficGXKg",
		CidrLenIPv4: 24,
		CidrLenIPv6: 64,
		NumBits:     60,
	}
	config.Initialize()

	v4ip := easyParseIP("8.8.8.8")
	assertEqual(config.ComputeCloak(v4ip), "3cay3zc72tnui.oragono", t)
	v4ipsamecidr := easyParseIP("8.8.8.9")
	assertEqual(config.ComputeCloak(v4ipsamecidr), "3cay3zc72tnui.oragono", t)
}

func TestCloakZeroBits(t *testing.T) {
	config := cloakConfForTesting()
	config.NumBits = 0
	config.Netname = "example.com"
	config.Initialize()

	v4ip := easyParseIP("8.8.8.8").To4()
	assertEqual(config.ComputeCloak(v4ip), "example.com", t)
}

func TestCloakDisabled(t *testing.T) {
	config := cloakConfForTesting()
	config.Enabled = false
	v4ip := easyParseIP("8.8.8.8").To4()
	assertEqual(config.ComputeCloak(v4ip), "", t)
}

func BenchmarkCloaks(b *testing.B) {
	config := cloakConfForTesting()
	v6ip := easyParseIP("2001:0db8::1")
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		config.ComputeCloak(v6ip)
	}
}

func TestAccountCloak(t *testing.T) {
	config := cloakConfForTesting()

	// just assert that we get all distinct values
	assertEqual(config.ComputeAccountCloak("shivaram"), "8yu8kunudb45ztxm.oragono", t)
	assertEqual(config.ComputeAccountCloak("dolph🐬n"), "hhgeqsvzeagv3wjw.oragono", t)
	assertEqual(config.ComputeAccountCloak("SHIVARAM"), "bgx32x4r7qzih4uh.oragono", t)
	assertEqual(config.ComputeAccountCloak("ed"), "j5autmgxtdjdyzf4.oragono", t)
}

func TestAccountCloakCollisions(t *testing.T) {
	config := cloakConfForTesting()

	v4ip := easyParseIP("97.97.97.97")
	v4cloak := config.ComputeCloak(v4ip)
	// "aaaa" is the same bytestring as 97.97.97.97
	aaaacloak := config.ComputeAccountCloak("aaaa")
	if v4cloak == aaaacloak {
		t.Errorf("cloak collision between 97.97.97.97 and aaaa: %s", v4cloak)
	}
}

func BenchmarkAccountCloaks(b *testing.B) {
	config := cloakConfForTesting()
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		config.ComputeAccountCloak("shivaram")
	}
}