auth_test.go

Documentation: golang.org/x/crypto/nacl/auth

     1  // Copyright 2017 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package auth
     6  
     7  import (
     8  	"bytes"
     9  	rand "crypto/rand"
    10  	mrand "math/rand"
    11  	"testing"
    12  )
    13  
    14  // Test cases are from RFC 4231, and match those present in the tests directory
    15  // of the download here: https://nacl.cr.yp.to/install.html
    16  var testCases = []struct {
    17  	key [32]byte
    18  	msg []byte
    19  	out [32]byte
    20  }{
    21  	{
    22  		key: [32]byte{
    23  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
    24  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
    25  			0x0b, 0x0b, 0x0b, 0x0b,
    26  		},
    27  		msg: []byte("Hi There"),
    28  		out: [32]byte{
    29  			0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
    30  			0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
    31  			0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
    32  			0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
    33  		},
    34  	},
    35  	{
    36  		key: [32]byte{'J', 'e', 'f', 'e'},
    37  		msg: []byte("what do ya want for nothing?"),
    38  		out: [32]byte{
    39  			0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2,
    40  			0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3,
    41  			0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6,
    42  			0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54,
    43  		},
    44  	},
    45  	{
    46  		key: [32]byte{
    47  			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
    48  			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
    49  			0xaa, 0xaa, 0xaa, 0xaa,
    50  		},
    51  		msg: []byte{ // 50 bytes of 0xdd
    52  			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
    53  			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
    54  			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
    55  			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
    56  			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
    57  			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
    58  			0xdd, 0xdd,
    59  		},
    60  		out: [32]byte{
    61  			0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84,
    62  			0xef, 0xb0, 0xf0, 0x75, 0x6c, 0x89, 0x0b, 0xe9,
    63  			0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36,
    64  			0x55, 0xf8, 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39,
    65  		},
    66  	},
    67  	{
    68  		key: [32]byte{
    69  			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    70  			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
    71  			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
    72  			0x19,
    73  		},
    74  		msg: []byte{
    75  			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
    76  			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
    77  			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
    78  			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
    79  			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
    80  			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
    81  			0xcd, 0xcd,
    82  		},
    83  		out: [32]byte{
    84  			0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69,
    85  			0x90, 0xe5, 0xa8, 0xc5, 0xf6, 0x1d, 0x4a, 0xf7,
    86  			0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d,
    87  			0xe7, 0x6f, 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb,
    88  		},
    89  	},
    90  }
    91  
    92  func TestSum(t *testing.T) {
    93  	for i, test := range testCases {
    94  		tag := Sum(test.msg, &test.key)
    95  		if !bytes.Equal(tag[:], test.out[:]) {
    96  			t.Errorf("#%d: Sum: got\n%x\nwant\n%x", i, tag, test.out)
    97  		}
    98  	}
    99  }
   100  
   101  func TestVerify(t *testing.T) {
   102  	wrongMsg := []byte("unknown msg")
   103  
   104  	for i, test := range testCases {
   105  		if !Verify(test.out[:], test.msg, &test.key) {
   106  			t.Errorf("#%d: Verify(%x, %q, %x) failed", i, test.out, test.msg, test.key)
   107  		}
   108  		if Verify(test.out[:], wrongMsg, &test.key) {
   109  			t.Errorf("#%d: Verify(%x, %q, %x) unexpectedly passed", i, test.out, wrongMsg, test.key)
   110  		}
   111  	}
   112  }
   113  
   114  func TestStress(t *testing.T) {
   115  	if testing.Short() {
   116  		t.Skip("exhaustiveness test")
   117  	}
   118  
   119  	var key [32]byte
   120  	msg := make([]byte, 10000)
   121  	prng := mrand.New(mrand.NewSource(0))
   122  
   123  	// copied from tests/auth5.c in nacl
   124  	for i := 0; i < 10000; i++ {
   125  		if _, err := rand.Read(key[:]); err != nil {
   126  			t.Fatal(err)
   127  		}
   128  		if _, err := rand.Read(msg[:i]); err != nil {
   129  			t.Fatal(err)
   130  		}
   131  		tag := Sum(msg[:i], &key)
   132  		if !Verify(tag[:], msg[:i], &key) {
   133  			t.Errorf("#%d: unexpected failure from Verify", i)
   134  		}
   135  		if i > 0 {
   136  			msgIndex := prng.Intn(i)
   137  			oldMsgByte := msg[msgIndex]
   138  			msg[msgIndex] += byte(1 + prng.Intn(255))
   139  			if Verify(tag[:], msg[:i], &key) {
   140  				t.Errorf("#%d: unexpected success from Verify after corrupting message", i)
   141  			}
   142  			msg[msgIndex] = oldMsgByte
   143  
   144  			tag[prng.Intn(len(tag))] += byte(1 + prng.Intn(255))
   145  			if Verify(tag[:], msg[:i], &key) {
   146  				t.Errorf("#%d: unexpected success from Verify after corrupting authenticator", i)
   147  			}
   148  		}
   149  	}
   150  }
   151  
   152  func BenchmarkAuth(b *testing.B) {
   153  	var key [32]byte
   154  	if _, err := rand.Read(key[:]); err != nil {
   155  		b.Fatal(err)
   156  	}
   157  	buf := make([]byte, 1024)
   158  	if _, err := rand.Read(buf[:]); err != nil {
   159  		b.Fatal(err)
   160  	}
   161  
   162  	b.SetBytes(int64(len(buf)))
   163  	b.ReportAllocs()
   164  	b.ResetTimer()
   165  
   166  	for i := 0; i < b.N; i++ {
   167  		tag := Sum(buf, &key)
   168  		if Verify(tag[:], buf, &key) == false {
   169  			b.Fatal("unexpected failure from Verify")
   170  		}
   171  	}
   172  }
   173
View as plain text