diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /third_party/rust/neqo-crypto/tests/selfencrypt.rs | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/rust/neqo-crypto/tests/selfencrypt.rs')
-rw-r--r-- | third_party/rust/neqo-crypto/tests/selfencrypt.rs | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/third_party/rust/neqo-crypto/tests/selfencrypt.rs b/third_party/rust/neqo-crypto/tests/selfencrypt.rs new file mode 100644 index 0000000000..5828f09392 --- /dev/null +++ b/third_party/rust/neqo-crypto/tests/selfencrypt.rs @@ -0,0 +1,92 @@ +#![cfg_attr(feature = "deny-warnings", deny(warnings))] +#![warn(clippy::pedantic)] +#![cfg(not(feature = "fuzzing"))] + +use neqo_crypto::constants::{TLS_AES_128_GCM_SHA256, TLS_VERSION_1_3}; +use neqo_crypto::{init, selfencrypt::SelfEncrypt, Error}; + +#[test] +fn se_create() { + init(); + SelfEncrypt::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256).expect("constructor works"); +} + +const PLAINTEXT: &[u8] = b"PLAINTEXT"; +const AAD: &[u8] = b"AAD"; + +fn sealed() -> (SelfEncrypt, Vec<u8>) { + init(); + let se = SelfEncrypt::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256).unwrap(); + let sealed = se.seal(AAD, PLAINTEXT).expect("sealing works"); + (se, sealed) +} + +#[test] +fn seal_open() { + let (se, sealed) = sealed(); + let opened = se.open(AAD, &sealed).expect("opening works"); + assert_eq!(&opened[..], PLAINTEXT); +} + +#[test] +fn seal_rotate_open() { + let (mut se, sealed) = sealed(); + se.rotate().expect("rotate should be infallible"); + let opened = se.open(AAD, &sealed).expect("opening works"); + assert_eq!(&opened[..], PLAINTEXT); +} + +#[test] +fn seal_rotate_twice_open() { + let (mut se, sealed) = sealed(); + se.rotate().expect("rotate should be infallible"); + se.rotate().expect("rotate should be infallible"); + let res = se.open(AAD, &sealed); + assert_eq!(res.unwrap_err(), Error::SelfEncryptFailure); +} + +#[test] +fn damage_version() { + let (se, mut sealed) = sealed(); + sealed[0] ^= 0x80; + let res = se.open(AAD, &sealed); + assert_eq!(res.unwrap_err(), Error::SelfEncryptFailure); +} + +fn assert_bad_data<T>(res: Result<T, Error>) { + if let Err(Error::NssError { name, .. }) = res { + assert_eq!(name, "SEC_ERROR_BAD_DATA"); + } +} + +#[test] +fn damage_salt() { + let (se, mut sealed) = sealed(); + sealed[4] ^= 0x10; + let res = se.open(AAD, &sealed); + assert_bad_data(res); +} + +#[test] +fn damage_ciphertext() { + let (se, mut sealed) = sealed(); + sealed[20] ^= 0x2f; + let res = se.open(AAD, &sealed); + assert_bad_data(res); +} + +#[test] +fn damage_auth_tag() { + let (se, mut sealed) = sealed(); + let idx = sealed.len() - 1; + sealed[idx] ^= 0x3; + let res = se.open(AAD, &sealed); + assert_bad_data(res); +} + +#[test] +fn truncate() { + let (se, sealed) = sealed(); + let res = se.open(AAD, &sealed[0..(sealed.len() - 1)]); + assert_bad_data(res); +} |