From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 third_party/rust/neqo-crypto/tests/selfencrypt.rs | 96 +++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 third_party/rust/neqo-crypto/tests/selfencrypt.rs

(limited to 'third_party/rust/neqo-crypto/tests/selfencrypt.rs')

diff --git a/third_party/rust/neqo-crypto/tests/selfencrypt.rs b/third_party/rust/neqo-crypto/tests/selfencrypt.rs
new file mode 100644
index 0000000000..fd9d4ea1ea
--- /dev/null
+++ b/third_party/rust/neqo-crypto/tests/selfencrypt.rs
@@ -0,0 +1,96 @@
+#![cfg_attr(feature = "deny-warnings", deny(warnings))]
+#![warn(clippy::pedantic)]
+#![cfg(not(feature = "fuzzing"))]
+
+use neqo_crypto::{
+    constants::{TLS_AES_128_GCM_SHA256, TLS_VERSION_1_3},
+    init,
+    selfencrypt::SelfEncrypt,
+    Error,
+};
+
+#[test]
+fn se_create() {
+    init();
+    SelfEncrypt::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256).expect("constructor works");
+}
+
+const PLAINTEXT: &[u8] = b"PLAINTEXT";
+const AAD: &[u8] = b"AAD";
+
+fn sealed() -> (SelfEncrypt, Vec<u8>) {
+    init();
+    let se = SelfEncrypt::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256).unwrap();
+    let sealed = se.seal(AAD, PLAINTEXT).expect("sealing works");
+    (se, sealed)
+}
+
+#[test]
+fn seal_open() {
+    let (se, sealed) = sealed();
+    let opened = se.open(AAD, &sealed).expect("opening works");
+    assert_eq!(&opened[..], PLAINTEXT);
+}
+
+#[test]
+fn seal_rotate_open() {
+    let (mut se, sealed) = sealed();
+    se.rotate().expect("rotate should be infallible");
+    let opened = se.open(AAD, &sealed).expect("opening works");
+    assert_eq!(&opened[..], PLAINTEXT);
+}
+
+#[test]
+fn seal_rotate_twice_open() {
+    let (mut se, sealed) = sealed();
+    se.rotate().expect("rotate should be infallible");
+    se.rotate().expect("rotate should be infallible");
+    let res = se.open(AAD, &sealed);
+    assert_eq!(res.unwrap_err(), Error::SelfEncryptFailure);
+}
+
+#[test]
+fn damage_version() {
+    let (se, mut sealed) = sealed();
+    sealed[0] ^= 0x80;
+    let res = se.open(AAD, &sealed);
+    assert_eq!(res.unwrap_err(), Error::SelfEncryptFailure);
+}
+
+fn assert_bad_data<T>(res: Result<T, Error>) {
+    if let Err(Error::NssError { name, .. }) = res {
+        assert_eq!(name, "SEC_ERROR_BAD_DATA");
+    }
+}
+
+#[test]
+fn damage_salt() {
+    let (se, mut sealed) = sealed();
+    sealed[4] ^= 0x10;
+    let res = se.open(AAD, &sealed);
+    assert_bad_data(res);
+}
+
+#[test]
+fn damage_ciphertext() {
+    let (se, mut sealed) = sealed();
+    sealed[20] ^= 0x2f;
+    let res = se.open(AAD, &sealed);
+    assert_bad_data(res);
+}
+
+#[test]
+fn damage_auth_tag() {
+    let (se, mut sealed) = sealed();
+    let idx = sealed.len() - 1;
+    sealed[idx] ^= 0x3;
+    let res = se.open(AAD, &sealed);
+    assert_bad_data(res);
+}
+
+#[test]
+fn truncate() {
+    let (se, sealed) = sealed();
+    let res = se.open(AAD, &sealed[0..(sealed.len() - 1)]);
+    assert_bad_data(res);
+}
-- 
cgit v1.2.3