1
2
3
4
5 package wycheproof
6
7 import (
8 "bytes"
9 "crypto/aes"
10 "crypto/cipher"
11 "fmt"
12 "testing"
13
14 "golang.org/x/crypto/chacha20poly1305"
15 )
16
17 func TestAEAD(t *testing.T) {
18
19 type AeadTestVector struct {
20
21
22 Aad string `json:"aad,omitempty"`
23
24
25 Comment string `json:"comment,omitempty"`
26
27
28 Ct string `json:"ct,omitempty"`
29
30
31 Flags []string `json:"flags,omitempty"`
32
33
34 Iv string `json:"iv,omitempty"`
35
36
37 Key string `json:"key,omitempty"`
38
39
40 Msg string `json:"msg,omitempty"`
41
42
43 Result string `json:"result,omitempty"`
44
45
46 Tag string `json:"tag,omitempty"`
47
48
49 TcId int `json:"tcId,omitempty"`
50 }
51
52
53 type Notes struct {
54 }
55
56
57 type AeadTestGroup struct {
58
59
60 IvSize int `json:"ivSize,omitempty"`
61
62
63 KeySize int `json:"keySize,omitempty"`
64
65
66 TagSize int `json:"tagSize,omitempty"`
67 Tests []*AeadTestVector `json:"tests,omitempty"`
68 Type interface{} `json:"type,omitempty"`
69 }
70
71
72 type Root struct {
73
74
75 Algorithm string `json:"algorithm,omitempty"`
76
77
78 GeneratorVersion string `json:"generatorVersion,omitempty"`
79
80
81 Header []string `json:"header,omitempty"`
82
83
84 Notes *Notes `json:"notes,omitempty"`
85
86
87 NumberOfTests int `json:"numberOfTests,omitempty"`
88 Schema interface{} `json:"schema,omitempty"`
89 TestGroups []*AeadTestGroup `json:"testGroups,omitempty"`
90 }
91
92 testSealOpen := func(t *testing.T, aead cipher.AEAD, tv *AeadTestVector, recoverBadNonce func()) {
93 defer recoverBadNonce()
94
95 iv, tag, ct, msg, aad := decodeHex(tv.Iv), decodeHex(tv.Tag), decodeHex(tv.Ct), decodeHex(tv.Msg), decodeHex(tv.Aad)
96
97 genCT := aead.Seal(nil, iv, msg, aad)
98 genMsg, err := aead.Open(nil, iv, genCT, aad)
99 if err != nil {
100 t.Errorf("failed to decrypt generated ciphertext: %s", err)
101 }
102 if !bytes.Equal(genMsg, msg) {
103 t.Errorf("unexpected roundtripped plaintext: got %x, want %x", genMsg, msg)
104 }
105
106 ctWithTag := append(ct, tag...)
107 msg2, err := aead.Open(nil, iv, ctWithTag, aad)
108 wantPass := shouldPass(tv.Result, tv.Flags, nil)
109 if !wantPass && err == nil {
110 t.Error("decryption succeeded when it should've failed")
111 } else if wantPass {
112 if err != nil {
113 t.Fatalf("decryption failed: %s", err)
114 }
115 if !bytes.Equal(genCT, ctWithTag) {
116 t.Errorf("generated ciphertext doesn't match expected: got %x, want %x", genCT, ctWithTag)
117 }
118 if !bytes.Equal(msg, msg2) {
119 t.Errorf("decrypted ciphertext doesn't match expected: got %x, want %x", msg2, msg)
120 }
121 }
122 }
123
124 vectors := map[string]func(*testing.T, []byte) cipher.AEAD{
125 "aes_gcm_test.json": func(t *testing.T, key []byte) cipher.AEAD {
126 aesCipher, err := aes.NewCipher(key)
127 if err != nil {
128 t.Fatalf("failed to construct cipher: %s", err)
129 }
130 aead, err := cipher.NewGCM(aesCipher)
131 if err != nil {
132 t.Fatalf("failed to construct cipher: %s", err)
133 }
134 return aead
135 },
136 "chacha20_poly1305_test.json": func(t *testing.T, key []byte) cipher.AEAD {
137 aead, err := chacha20poly1305.New(key)
138 if err != nil {
139 t.Fatalf("failed to construct cipher: %s", err)
140 }
141 return aead
142 },
143 "xchacha20_poly1305_test.json": func(t *testing.T, key []byte) cipher.AEAD {
144 aead, err := chacha20poly1305.NewX(key)
145 if err != nil {
146 t.Fatalf("failed to construct cipher: %s", err)
147 }
148 return aead
149 },
150 }
151 for file, cipherInit := range vectors {
152 var root Root
153 readTestVector(t, file, &root)
154 for _, tg := range root.TestGroups {
155 for _, tv := range tg.Tests {
156 testName := fmt.Sprintf("%s #%d", file, tv.TcId)
157 if tv.Comment != "" {
158 testName += fmt.Sprintf(" %s", tv.Comment)
159 }
160 t.Run(testName, func(t *testing.T) {
161 aead := cipherInit(t, decodeHex(tv.Key))
162 testSealOpen(t, aead, tv, func() {
163
164
165
166 if r := recover(); r != nil {
167 if tg.IvSize/8 == aead.NonceSize() {
168 t.Error("unexpected panic")
169 }
170 }
171 })
172 })
173 }
174 }
175 }
176 }
177
View as plain text