diff options
Diffstat (limited to 'blockcipher/blockcipher_aes_ctr_test.go')
-rw-r--r-- | blockcipher/blockcipher_aes_ctr_test.go | 234 |
1 files changed, 234 insertions, 0 deletions
diff --git a/blockcipher/blockcipher_aes_ctr_test.go b/blockcipher/blockcipher_aes_ctr_test.go new file mode 100644 index 0000000..0e19eeb --- /dev/null +++ b/blockcipher/blockcipher_aes_ctr_test.go @@ -0,0 +1,234 @@ +/* + Copyright The ocicrypt Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package blockcipher + +import ( + "bytes" + _ "crypto/sha256" + "io" + "testing" +) + +func TestBlockCipherAesCtrCreateValid(t *testing.T) { + _, err := NewAESCTRLayerBlockCipher(256) + if err != nil { + t.Fatal(err) + } +} + +func TestBlockCipherAesCtrCreateInvalid(t *testing.T) { + _, err := NewAESCTRLayerBlockCipher(8) + if err == nil { + t.Fatal("Test should have failed due to invalid cipher size") + } + _, err = NewAESCTRLayerBlockCipher(255) + if err == nil { + t.Fatal("Test should have failed due to invalid cipher size") + } +} + +func TestBlockCipherAesCtrEncryption(t *testing.T) { + var ( + symKey = []byte("01234567890123456789012345678912") + opt = LayerBlockCipherOptions{ + Private: PrivateLayerBlockCipherOptions{ + SymmetricKey: symKey, + }, + } + layerData = []byte("this is some data") + ) + + bc, err := NewAESCTRLayerBlockCipher(256) + if err != nil { + t.Fatal(err) + } + + layerDataReader := bytes.NewReader(layerData) + ciphertextReader, finalizer, err := bc.Encrypt(layerDataReader, opt) + if err != nil { + t.Fatal(err) + } + + // Use a different instantiated object to indicate an invocation at a diff time + bc2, err := NewAESCTRLayerBlockCipher(256) + if err != nil { + t.Fatal(err) + } + + ciphertext := make([]byte, 1024) + encsize, err := ciphertextReader.Read(ciphertext) + if err != io.EOF { + t.Fatal("Expected EOF") + } + + ciphertextTestReader := bytes.NewReader(ciphertext[:encsize]) + + lbco, err := finalizer() + if err != nil { + t.Fatal(err) + } + + plaintextReader, _, err := bc2.Decrypt(ciphertextTestReader, lbco) + if err != nil { + t.Fatal(err) + } + + plaintext := make([]byte, 1024) + size, err := plaintextReader.Read(plaintext) + if err != io.EOF { + t.Fatal("Expected EOF") + } + + if string(plaintext[:size]) != string(layerData) { + t.Fatalf("expected %q, got %q", layerData, plaintext[:size]) + } +} + +func TestBlockCipherAesCtrEncryptionInvalidKey(t *testing.T) { + var ( + symKey = []byte("01234567890123456789012345678912") + opt = LayerBlockCipherOptions{ + Private: PrivateLayerBlockCipherOptions{ + SymmetricKey: symKey, + }, + } + layerData = []byte("this is some data") + ) + + bc, err := NewAESCTRLayerBlockCipher(256) + if err != nil { + t.Fatal(err) + } + + layerDataReader := bytes.NewReader(layerData) + + ciphertextReader, finalizer, err := bc.Encrypt(layerDataReader, opt) + if err != nil { + t.Fatal(err) + } + + // Use a different instantiated object to indicate an invokation at a diff time + bc2, err := NewAESCTRLayerBlockCipher(256) + if err != nil { + t.Fatal(err) + } + + ciphertext := make([]byte, 1024) + encsize, err := ciphertextReader.Read(ciphertext) + if err != io.EOF { + t.Fatal("Expected EOF") + } + ciphertextTestReader := bytes.NewReader(ciphertext[:encsize]) + + lbco, err := finalizer() + if err != nil { + t.Fatal(err) + } + lbco.Private.SymmetricKey = []byte("aaa34567890123456789012345678912") + + plaintextReader, _, err := bc2.Decrypt(ciphertextTestReader, lbco) + if err != nil { + t.Fatal(err) + } + + plaintext := make([]byte, 1024) + // first time read may not hit EOF of original source + _, _ = plaintextReader.Read(plaintext) + // now we must have hit eof and evaluated the plaintext + _, err = plaintextReader.Read(plaintext) + if err == nil { + t.Fatal("Read() should have failed due to wrong key") + } +} + +func TestBlockCipherAesCtrEncryptionInvalidKeyLength(t *testing.T) { + var ( + symKey = []byte("012345") + opt = LayerBlockCipherOptions{ + Private: PrivateLayerBlockCipherOptions{ + SymmetricKey: symKey, + }, + } + layerData = []byte("this is some data") + ) + + bc, err := NewAESCTRLayerBlockCipher(256) + if err != nil { + t.Fatal(err) + } + + layerDataReader := bytes.NewReader(layerData) + _, _, err = bc.Encrypt(layerDataReader, opt) + if err == nil { + t.Fatal("Test should have failed due to invalid key length") + } +} + +func TestBlockCipherAesCtrEncryptionInvalidHMAC(t *testing.T) { + var ( + symKey = []byte("01234567890123456789012345678912") + opt = LayerBlockCipherOptions{ + Private: PrivateLayerBlockCipherOptions{ + SymmetricKey: symKey, + }, + } + layerData = []byte("this is some data") + ) + + bc, err := NewAESCTRLayerBlockCipher(256) + if err != nil { + t.Fatal(err) + } + + layerDataReader := bytes.NewReader(layerData) + + ciphertextReader, finalizer, err := bc.Encrypt(layerDataReader, opt) + if err != nil { + t.Fatal(err) + } + + // Use a different instantiated object to indicate an invokation at a diff time + bc2, err := NewAESCTRLayerBlockCipher(256) + if err != nil { + t.Fatal(err) + } + + ciphertext := make([]byte, 1024) + encsize, err := ciphertextReader.Read(ciphertext) + if err != io.EOF { + t.Fatal("Expected EOF") + } + ciphertextTestReader := bytes.NewReader(ciphertext[:encsize]) + + lbco, err := finalizer() + if err != nil { + t.Fatal(err) + } + lbco.Public.Hmac = []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 0} + + plaintextReader, _, err := bc2.Decrypt(ciphertextTestReader, lbco) + if err != nil { + t.Fatal(err) + } + + plaintext := make([]byte, 1024) + // we will hit the error the first time + _, err = plaintextReader.Read(plaintext) + if err == nil || err == io.EOF { + t.Fatal("Read() should have failed due to Invalid HMAC verification") + } +} |