internal/wycheproof: add test for CBC decryption with PKCS#5 padding Change-Id: Ie60bdc10065018e193271b4f90f50298f1272396 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/218323 Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
diff --git a/internal/wycheproof/aes_cbc_test.go b/internal/wycheproof/aes_cbc_test.go new file mode 100644 index 0000000..0a60fc3 --- /dev/null +++ b/internal/wycheproof/aes_cbc_test.go
@@ -0,0 +1,127 @@ +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package wycheproof + +import ( + "crypto/aes" + "crypto/cipher" + "encoding/hex" + "fmt" + "testing" +) + +func TestAesCbc(t *testing.T) { + // IndCpaTestVector + type IndCpaTestVector struct { + + // A brief description of the test case + Comment string `json:"comment,omitempty"` + + // the raw ciphertext (without IV) + Ct string `json:"ct,omitempty"` + + // A list of flags + Flags []string `json:"flags,omitempty"` + + // the initialization vector + Iv string `json:"iv,omitempty"` + + // the key + Key string `json:"key,omitempty"` + + // the plaintext + Msg string `json:"msg,omitempty"` + + // Test result + Result string `json:"result,omitempty"` + + // Identifier of the test case + TcId int `json:"tcId,omitempty"` + } + + // Notes a description of the labels used in the test vectors + type Notes struct { + } + + // IndCpaTestGroup + type IndCpaTestGroup struct { + + // the IV size in bits + IvSize int `json:"ivSize,omitempty"` + + // the keySize in bits + KeySize int `json:"keySize,omitempty"` + + // the expected size of the tag in bits + TagSize int `json:"tagSize,omitempty"` + Tests []*IndCpaTestVector `json:"tests,omitempty"` + Type interface{} `json:"type,omitempty"` + } + + // Root + type Root struct { + + // the primitive tested in the test file + Algorithm string `json:"algorithm,omitempty"` + + // the version of the test vectors. + GeneratorVersion string `json:"generatorVersion,omitempty"` + + // additional documentation + Header []string `json:"header,omitempty"` + + // a description of the labels used in the test vectors + Notes *Notes `json:"notes,omitempty"` + + // the number of test vectors in this test + NumberOfTests int `json:"numberOfTests,omitempty"` + Schema interface{} `json:"schema,omitempty"` + TestGroups []*IndCpaTestGroup `json:"testGroups,omitempty"` + } + + var root Root + readTestVector(t, "aes_cbc_pkcs5_test.json", &root) + for _, tg := range root.TestGroups { + tests: + for _, tv := range tg.Tests { + block, err := aes.NewCipher(decodeHex(tv.Key)) + if err != nil { + t.Fatalf("#%d: %v", tv.TcId, err) + } + mode := cipher.NewCBCDecrypter(block, decodeHex(tv.Iv)) + ct := decodeHex(tv.Ct) + if len(ct)%aes.BlockSize != 0 { + panic(fmt.Sprintf("#%d: ciphertext is not a multiple of the block size", tv.TcId)) + } + mode.CryptBlocks(ct, ct) // decrypt the block in place + + // Skip the tests that are broken due to bad padding. Panic if there are any + // tests left that are invalid for some other reason in the future, to + // evaluate what to do with those tests. + for _, flag := range tv.Flags { + if flag == "BadPadding" { + continue tests + } + } + if !shouldPass(tv.Result, tv.Flags, nil) { + panic(fmt.Sprintf("#%d: found an invalid test that is broken for some reason other than bad padding", tv.TcId)) + } + + // Remove the PKCS#5 padding from the given ciphertext to validate it + padding := ct[len(ct)-1] + paddingNum := int(padding) + for i := paddingNum; i > 0; i-- { + if ct[len(ct)-i] != padding { // panic if the padding is unexpectedly bad + panic(fmt.Sprintf("#%d: bad padding at index=%d of %v", tv.TcId, i, ct)) + } + } + ct = ct[:len(ct)-paddingNum] + + if got, want := hex.EncodeToString(ct), tv.Msg; got != want { + t.Errorf("#%d, type: %s, comment: %q, decoded ciphertext not equal: %s, want %s", tv.TcId, tv.Result, tv.Comment, got, want) + } + } + } +}