summaryrefslogtreecommitdiffstats
path: root/blockcipher/blockcipher_aes_ctr_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'blockcipher/blockcipher_aes_ctr_test.go')
-rw-r--r--blockcipher/blockcipher_aes_ctr_test.go234
1 files changed, 234 insertions, 0 deletions
diff --git a/blockcipher/blockcipher_aes_ctr_test.go b/blockcipher/blockcipher_aes_ctr_test.go
new file mode 100644
index 0000000..0e19eeb
--- /dev/null
+++ b/blockcipher/blockcipher_aes_ctr_test.go
@@ -0,0 +1,234 @@
+/*
+ Copyright The ocicrypt Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package blockcipher
+
+import (
+ "bytes"
+ _ "crypto/sha256"
+ "io"
+ "testing"
+)
+
+func TestBlockCipherAesCtrCreateValid(t *testing.T) {
+ _, err := NewAESCTRLayerBlockCipher(256)
+ if err != nil {
+ t.Fatal(err)
+ }
+}
+
+func TestBlockCipherAesCtrCreateInvalid(t *testing.T) {
+ _, err := NewAESCTRLayerBlockCipher(8)
+ if err == nil {
+ t.Fatal("Test should have failed due to invalid cipher size")
+ }
+ _, err = NewAESCTRLayerBlockCipher(255)
+ if err == nil {
+ t.Fatal("Test should have failed due to invalid cipher size")
+ }
+}
+
+func TestBlockCipherAesCtrEncryption(t *testing.T) {
+ var (
+ symKey = []byte("01234567890123456789012345678912")
+ opt = LayerBlockCipherOptions{
+ Private: PrivateLayerBlockCipherOptions{
+ SymmetricKey: symKey,
+ },
+ }
+ layerData = []byte("this is some data")
+ )
+
+ bc, err := NewAESCTRLayerBlockCipher(256)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ layerDataReader := bytes.NewReader(layerData)
+ ciphertextReader, finalizer, err := bc.Encrypt(layerDataReader, opt)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ // Use a different instantiated object to indicate an invocation at a diff time
+ bc2, err := NewAESCTRLayerBlockCipher(256)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ciphertext := make([]byte, 1024)
+ encsize, err := ciphertextReader.Read(ciphertext)
+ if err != io.EOF {
+ t.Fatal("Expected EOF")
+ }
+
+ ciphertextTestReader := bytes.NewReader(ciphertext[:encsize])
+
+ lbco, err := finalizer()
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ plaintextReader, _, err := bc2.Decrypt(ciphertextTestReader, lbco)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ plaintext := make([]byte, 1024)
+ size, err := plaintextReader.Read(plaintext)
+ if err != io.EOF {
+ t.Fatal("Expected EOF")
+ }
+
+ if string(plaintext[:size]) != string(layerData) {
+ t.Fatalf("expected %q, got %q", layerData, plaintext[:size])
+ }
+}
+
+func TestBlockCipherAesCtrEncryptionInvalidKey(t *testing.T) {
+ var (
+ symKey = []byte("01234567890123456789012345678912")
+ opt = LayerBlockCipherOptions{
+ Private: PrivateLayerBlockCipherOptions{
+ SymmetricKey: symKey,
+ },
+ }
+ layerData = []byte("this is some data")
+ )
+
+ bc, err := NewAESCTRLayerBlockCipher(256)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ layerDataReader := bytes.NewReader(layerData)
+
+ ciphertextReader, finalizer, err := bc.Encrypt(layerDataReader, opt)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ // Use a different instantiated object to indicate an invokation at a diff time
+ bc2, err := NewAESCTRLayerBlockCipher(256)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ciphertext := make([]byte, 1024)
+ encsize, err := ciphertextReader.Read(ciphertext)
+ if err != io.EOF {
+ t.Fatal("Expected EOF")
+ }
+ ciphertextTestReader := bytes.NewReader(ciphertext[:encsize])
+
+ lbco, err := finalizer()
+ if err != nil {
+ t.Fatal(err)
+ }
+ lbco.Private.SymmetricKey = []byte("aaa34567890123456789012345678912")
+
+ plaintextReader, _, err := bc2.Decrypt(ciphertextTestReader, lbco)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ plaintext := make([]byte, 1024)
+ // first time read may not hit EOF of original source
+ _, _ = plaintextReader.Read(plaintext)
+ // now we must have hit eof and evaluated the plaintext
+ _, err = plaintextReader.Read(plaintext)
+ if err == nil {
+ t.Fatal("Read() should have failed due to wrong key")
+ }
+}
+
+func TestBlockCipherAesCtrEncryptionInvalidKeyLength(t *testing.T) {
+ var (
+ symKey = []byte("012345")
+ opt = LayerBlockCipherOptions{
+ Private: PrivateLayerBlockCipherOptions{
+ SymmetricKey: symKey,
+ },
+ }
+ layerData = []byte("this is some data")
+ )
+
+ bc, err := NewAESCTRLayerBlockCipher(256)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ layerDataReader := bytes.NewReader(layerData)
+ _, _, err = bc.Encrypt(layerDataReader, opt)
+ if err == nil {
+ t.Fatal("Test should have failed due to invalid key length")
+ }
+}
+
+func TestBlockCipherAesCtrEncryptionInvalidHMAC(t *testing.T) {
+ var (
+ symKey = []byte("01234567890123456789012345678912")
+ opt = LayerBlockCipherOptions{
+ Private: PrivateLayerBlockCipherOptions{
+ SymmetricKey: symKey,
+ },
+ }
+ layerData = []byte("this is some data")
+ )
+
+ bc, err := NewAESCTRLayerBlockCipher(256)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ layerDataReader := bytes.NewReader(layerData)
+
+ ciphertextReader, finalizer, err := bc.Encrypt(layerDataReader, opt)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ // Use a different instantiated object to indicate an invokation at a diff time
+ bc2, err := NewAESCTRLayerBlockCipher(256)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ciphertext := make([]byte, 1024)
+ encsize, err := ciphertextReader.Read(ciphertext)
+ if err != io.EOF {
+ t.Fatal("Expected EOF")
+ }
+ ciphertextTestReader := bytes.NewReader(ciphertext[:encsize])
+
+ lbco, err := finalizer()
+ if err != nil {
+ t.Fatal(err)
+ }
+ lbco.Public.Hmac = []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 0}
+
+ plaintextReader, _, err := bc2.Decrypt(ciphertextTestReader, lbco)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ plaintext := make([]byte, 1024)
+ // we will hit the error the first time
+ _, err = plaintextReader.Read(plaintext)
+ if err == nil || err == io.EOF {
+ t.Fatal("Read() should have failed due to Invalid HMAC verification")
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 22:21:50 +0000