blob: 7fedbc4f9a6b0baa7c230ed0d3debb1b573892b8 [file] [log] [blame]
// Copyright 2019 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package wycheproof
import (
func TestChaCha20Poly1305(t *testing.T) {
// AeadTestVector
type AeadTestVector struct {
// additional authenticated data
Aad string `json:"aad,omitempty"`
// A brief description of the test case
Comment string `json:"comment,omitempty"`
// the ciphertext (without iv and tag)
Ct string `json:"ct,omitempty"`
// A list of flags
Flags []string `json:"flags,omitempty"`
// the nonce
Iv string `json:"iv,omitempty"`
// the key
Key string `json:"key,omitempty"`
// the plaintext
Msg string `json:"msg,omitempty"`
// Test result
Result string `json:"result,omitempty"`
// the authentication tag
Tag string `json:"tag,omitempty"`
// Identifier of the test case
TcId int `json:"tcId,omitempty"`
// Notes a description of the labels used in the test vectors
type Notes struct {
// AeadTestGroup
type AeadTestGroup struct {
// the IV size in bits
IvSize int `json:"ivSize,omitempty"`
// the keySize in bits
KeySize int `json:"keySize,omitempty"`
// the expected size of the tag in bits
TagSize int `json:"tagSize,omitempty"`
Tests []*AeadTestVector `json:"tests,omitempty"`
Type interface{} `json:"type,omitempty"`
// Root
type Root struct {
// the primitive tested in the test file
Algorithm string `json:"algorithm,omitempty"`
// the version of the test vectors.
GeneratorVersion string `json:"generatorVersion,omitempty"`
// additional documentation
Header []string `json:"header,omitempty"`
// a description of the labels used in the test vectors
Notes *Notes `json:"notes,omitempty"`
// the number of test vectors in this test
NumberOfTests int `json:"numberOfTests,omitempty"`
Schema interface{} `json:"schema,omitempty"`
TestGroups []*AeadTestGroup `json:"testGroups,omitempty"`
testAeadSealOpen := func(t *testing.T, aead cipher.AEAD, tv *AeadTestVector, recoverBadNonce func()) {
defer recoverBadNonce()
// Encrypt the message, then decrypt the new ciphertext and validate
// the decrypted message.
ciphertext := aead.Seal(nil, decodeHex(tv.Iv), decodeHex(tv.Msg), decodeHex(tv.Aad))
msg, err := aead.Open(nil, decodeHex(tv.Iv), ciphertext, decodeHex(tv.Aad))
if err != nil {
t.Fatalf("#%d: decryption failed: %v", tv.TcId, err)
if got, want := hex.EncodeToString(msg), tv.Msg; got != want {
t.Errorf("#%d: bad message after encrypting and decrypting: %s, want %v", tv.TcId, got, want)
// Decrypt the provided ciphertext and validate the decrypted message.
tv.Ct += tv.Tag // append the tag to the ciphertext
msg2, err := aead.Open(nil, decodeHex(tv.Iv), decodeHex(tv.Ct), decodeHex(tv.Aad))
wantPass := shouldPass(tv.Result, tv.Flags, nil)
if wantPass {
if err != nil {
t.Errorf("#%d, type: %s, comment: %q, decryption wanted success, got err: %v", tv.TcId, tv.Result, tv.Comment, err)
if got, want := hex.EncodeToString(ciphertext), tv.Ct; got != want {
t.Errorf("#%d: ciphertext doesn't match: %s, want=%s", tv.TcId, got, want)
if got, want := hex.EncodeToString(msg2), tv.Msg; got != want {
t.Errorf("#%d: bad message after decrypting ciphertext: %s, want %v", tv.TcId, got, want)
} else {
if err == nil {
t.Errorf("#%d, type: %s, comment: %q, decryption wanted error", tv.TcId, tv.Result, tv.Comment)
var root Root
readTestVector(t, "chacha20_poly1305_test.json", &root)
for _, tg := range root.TestGroups {
for _, tv := range tg.Tests {
aead, err := chacha20poly1305.New(decodeHex(tv.Key))
if err != nil {
t.Fatalf("#%d: %v", tv.TcId, err)
if tg.TagSize/8 != aead.Overhead() {
t.Fatalf("#%d: bad tag length", tv.TcId)
testAeadSealOpen(t, aead, tv, func() {
// A bad nonce causes a panic in AEAD.Seal and AEAD.Open,
// so should be recovered. Fail the test if it broke for
// some other reason.
if r := recover(); r != nil {
if tg.IvSize/8 == chacha20poly1305.NonceSize {
t.Errorf("#%d: unexpected panic", tv.TcId)