JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
315 Commits
17 Branches
34 MiB
 
 
 
Tree: 46a543b286
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '46a543b286'
${ noResults }
transfer.sh/vendor/google.golang.org/grpc/credentials/alts/internal/conn/aes128gcm_test.go

224 lines
7.8 KiB
Raw Blame History 

  1. /*

  2.  *

  3.  * Copyright 2018 gRPC authors.

  4.  *

  5.  * Licensed under the Apache License, Version 2.0 (the "License");

  6.  * you may not use this file except in compliance with the License.

  7.  * You may obtain a copy of the License at

  8.  *

  9.  *     http://www.apache.org/licenses/LICENSE-2.0

  10.  *

  11.  * Unless required by applicable law or agreed to in writing, software

  12.  * distributed under the License is distributed on an "AS IS" BASIS,

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.  * See the License for the specific language governing permissions and

  15.  * limitations under the License.

  16.  *

  17.  */

  18. 

  19. package conn

  20. 

  21. import (

  22. 	"bytes"

  23. 	"testing"

  24. 

  25. 	core "google.golang.org/grpc/credentials/alts/internal"

  26. )

  27. 

  28. // cryptoTestVector is struct for a GCM test vector

  29. type cryptoTestVector struct {

  30. 	key, counter, plaintext, ciphertext, tag []byte

  31. 	allocateDst                              bool

  32. }

  33. 

  34. // getGCMCryptoPair outputs a client/server pair on aes128gcm.

  35. func getGCMCryptoPair(key []byte, counter []byte, t *testing.T) (ALTSRecordCrypto, ALTSRecordCrypto) {

  36. 	client, err := NewAES128GCM(core.ClientSide, key)

  37. 	if err != nil {

  38. 		t.Fatalf("NewAES128GCM(ClientSide, key) = %v", err)

  39. 	}

  40. 	server, err := NewAES128GCM(core.ServerSide, key)

  41. 	if err != nil {

  42. 		t.Fatalf("NewAES128GCM(ServerSide, key) = %v", err)

  43. 	}

  44. 	// set counter if provided.

  45. 	if counter != nil {

  46. 		if CounterSide(counter) == core.ClientSide {

  47. 			client.(*aes128gcm).outCounter = CounterFromValue(counter, overflowLenAES128GCM)

  48. 			server.(*aes128gcm).inCounter = CounterFromValue(counter, overflowLenAES128GCM)

  49. 		} else {

  50. 			server.(*aes128gcm).outCounter = CounterFromValue(counter, overflowLenAES128GCM)

  51. 			client.(*aes128gcm).inCounter = CounterFromValue(counter, overflowLenAES128GCM)

  52. 		}

  53. 	}

  54. 	return client, server

  55. }

  56. 

  57. func testGCMEncryptionDecryption(sender ALTSRecordCrypto, receiver ALTSRecordCrypto, test *cryptoTestVector, withCounter bool, t *testing.T) {

  58. 	// Ciphertext is: counter + encrypted text + tag.

  59. 	ciphertext := []byte(nil)

  60. 	if withCounter {

  61. 		ciphertext = append(ciphertext, test.counter...)

  62. 	}

  63. 	ciphertext = append(ciphertext, test.ciphertext...)

  64. 	ciphertext = append(ciphertext, test.tag...)

  65. 

  66. 	// Decrypt.

  67. 	if got, err := receiver.Decrypt(nil, ciphertext); err != nil || !bytes.Equal(got, test.plaintext) {

  68. 		t.Errorf("key=%v\ncounter=%v\ntag=%v\nciphertext=%v\nDecrypt = %v, %v\nwant: %v",

  69. 			test.key, test.counter, test.tag, test.ciphertext, got, err, test.plaintext)

  70. 	}

  71. 

  72. 	// Encrypt.

  73. 	var dst []byte

  74. 	if test.allocateDst {

  75. 		dst = make([]byte, len(test.plaintext)+sender.EncryptionOverhead())

  76. 	}

  77. 	if got, err := sender.Encrypt(dst[:0], test.plaintext); err != nil || !bytes.Equal(got, ciphertext) {

  78. 		t.Errorf("key=%v\ncounter=%v\nplaintext=%v\nEncrypt = %v, %v\nwant: %v",

  79. 			test.key, test.counter, test.plaintext, got, err, ciphertext)

  80. 	}

  81. }

  82. 

  83. // Test encrypt and decrypt using test vectors for aes128gcm.

  84. func TestAES128GCMEncrypt(t *testing.T) {

  85. 	for _, test := range []cryptoTestVector{

  86. 		{

  87. 			key:         dehex("11754cd72aec309bf52f7687212e8957"),

  88. 			counter:     dehex("3c819d9a9bed087615030b65"),

  89. 			plaintext:   nil,

  90. 			ciphertext:  nil,

  91. 			tag:         dehex("250327c674aaf477aef2675748cf6971"),

  92. 			allocateDst: false,

  93. 		},

  94. 		{

  95. 			key:         dehex("ca47248ac0b6f8372a97ac43508308ed"),

  96. 			counter:     dehex("ffd2b598feabc9019262d2be"),

  97. 			plaintext:   nil,

  98. 			ciphertext:  nil,

  99. 			tag:         dehex("60d20404af527d248d893ae495707d1a"),

  100. 			allocateDst: false,

  101. 		},

  102. 		{

  103. 			key:         dehex("7fddb57453c241d03efbed3ac44e371c"),

  104. 			counter:     dehex("ee283a3fc75575e33efd4887"),

  105. 			plaintext:   dehex("d5de42b461646c255c87bd2962d3b9a2"),

  106. 			ciphertext:  dehex("2ccda4a5415cb91e135c2a0f78c9b2fd"),

  107. 			tag:         dehex("b36d1df9b9d5e596f83e8b7f52971cb3"),

  108. 			allocateDst: false,

  109. 		},

  110. 		{

  111. 			key:         dehex("ab72c77b97cb5fe9a382d9fe81ffdbed"),

  112. 			counter:     dehex("54cc7dc2c37ec006bcc6d1da"),

  113. 			plaintext:   dehex("007c5e5b3e59df24a7c355584fc1518d"),

  114. 			ciphertext:  dehex("0e1bde206a07a9c2c1b65300f8c64997"),

  115. 			tag:         dehex("2b4401346697138c7a4891ee59867d0c"),

  116. 			allocateDst: false,

  117. 		},

  118. 		{

  119. 			key:         dehex("11754cd72aec309bf52f7687212e8957"),

  120. 			counter:     dehex("3c819d9a9bed087615030b65"),

  121. 			plaintext:   nil,

  122. 			ciphertext:  nil,

  123. 			tag:         dehex("250327c674aaf477aef2675748cf6971"),

  124. 			allocateDst: true,

  125. 		},

  126. 		{

  127. 			key:         dehex("ca47248ac0b6f8372a97ac43508308ed"),

  128. 			counter:     dehex("ffd2b598feabc9019262d2be"),

  129. 			plaintext:   nil,

  130. 			ciphertext:  nil,

  131. 			tag:         dehex("60d20404af527d248d893ae495707d1a"),

  132. 			allocateDst: true,

  133. 		},

  134. 		{

  135. 			key:         dehex("7fddb57453c241d03efbed3ac44e371c"),

  136. 			counter:     dehex("ee283a3fc75575e33efd4887"),

  137. 			plaintext:   dehex("d5de42b461646c255c87bd2962d3b9a2"),

  138. 			ciphertext:  dehex("2ccda4a5415cb91e135c2a0f78c9b2fd"),

  139. 			tag:         dehex("b36d1df9b9d5e596f83e8b7f52971cb3"),

  140. 			allocateDst: true,

  141. 		},

  142. 		{

  143. 			key:         dehex("ab72c77b97cb5fe9a382d9fe81ffdbed"),

  144. 			counter:     dehex("54cc7dc2c37ec006bcc6d1da"),

  145. 			plaintext:   dehex("007c5e5b3e59df24a7c355584fc1518d"),

  146. 			ciphertext:  dehex("0e1bde206a07a9c2c1b65300f8c64997"),

  147. 			tag:         dehex("2b4401346697138c7a4891ee59867d0c"),

  148. 			allocateDst: true,

  149. 		},

  150. 	} {

  151. 		// Test encryption and decryption for aes128gcm.

  152. 		client, server := getGCMCryptoPair(test.key, test.counter, t)

  153. 		if CounterSide(test.counter) == core.ClientSide {

  154. 			testGCMEncryptionDecryption(client, server, &test, false, t)

  155. 		} else {

  156. 			testGCMEncryptionDecryption(server, client, &test, false, t)

  157. 		}

  158. 	}

  159. }

  160. 

  161. func testGCMEncryptRoundtrip(client ALTSRecordCrypto, server ALTSRecordCrypto, t *testing.T) {

  162. 	// Encrypt.

  163. 	const plaintext = "This is plaintext."

  164. 	var err error

  165. 	buf := []byte(plaintext)

  166. 	buf, err = client.Encrypt(buf[:0], buf)

  167. 	if err != nil {

  168. 		t.Fatal("Encrypting with client-side context: unexpected error", err, "\n",

  169. 			"Plaintext:", []byte(plaintext))

  170. 	}

  171. 

  172. 	// Encrypt a second message.

  173. 	const plaintext2 = "This is a second plaintext."

  174. 	buf2 := []byte(plaintext2)

  175. 	buf2, err = client.Encrypt(buf2[:0], buf2)

  176. 	if err != nil {

  177. 		t.Fatal("Encrypting with client-side context: unexpected error", err, "\n",

  178. 			"Plaintext:", []byte(plaintext2))

  179. 	}

  180. 

  181. 	// Decryption fails: cannot decrypt second message before first.

  182. 	if got, err := server.Decrypt(nil, buf2); err == nil {

  183. 		t.Error("Decrypting client-side ciphertext with a client-side context unexpectedly succeeded; want unexpected counter error:\n",

  184. 			"  Original plaintext:", []byte(plaintext2), "\n",

  185. 			"  Ciphertext:", buf2, "\n",

  186. 			"  Decrypted plaintext:", got)

  187. 	}

  188. 

  189. 	// Decryption fails: wrong counter space.

  190. 	if got, err := client.Decrypt(nil, buf); err == nil {

  191. 		t.Error("Decrypting client-side ciphertext with a client-side context unexpectedly succeeded; want counter space error:\n",

  192. 			"  Original plaintext:", []byte(plaintext), "\n",

  193. 			"  Ciphertext:", buf, "\n",

  194. 			"  Decrypted plaintext:", got)

  195. 	}

  196. 

  197. 	// Decrypt first message.

  198. 	ciphertext := append([]byte(nil), buf...)

  199. 	buf, err = server.Decrypt(buf[:0], buf)

  200. 	if err != nil || string(buf) != plaintext {

  201. 		t.Fatal("Decrypting client-side ciphertext with a server-side context did not produce original content:\n",

  202. 			"  Original plaintext:", []byte(plaintext), "\n",

  203. 			"  Ciphertext:", ciphertext, "\n",

  204. 			"  Decryption error:", err, "\n",

  205. 			"  Decrypted plaintext:", buf)

  206. 	}

  207. 

  208. 	// Decryption fails: replay attack.

  209. 	if got, err := server.Decrypt(nil, buf); err == nil {

  210. 		t.Error("Decrypting client-side ciphertext with a client-side context unexpectedly succeeded; want unexpected counter error:\n",

  211. 			"  Original plaintext:", []byte(plaintext), "\n",

  212. 			"  Ciphertext:", buf, "\n",

  213. 			"  Decrypted plaintext:", got)

  214. 	}

  215. }

  216. 

  217. // Test encrypt and decrypt on roundtrip messages for aes128gcm.

  218. func TestAES128GCMEncryptRoundtrip(t *testing.T) {

  219. 	// Test for aes128gcm.

  220. 	key := make([]byte, 16)

  221. 	client, server := getGCMCryptoPair(key, nil, t)

  222. 	testGCMEncryptRoundtrip(client, server, t)

  223. }