| // Copyright 2019 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package wycheproof |
| |
| import ( |
| "crypto/aes" |
| "crypto/cipher" |
| "encoding/hex" |
| "fmt" |
| "testing" |
| ) |
| |
| func TestAesCbc(t *testing.T) { |
| // IndCpaTestVector |
| type IndCpaTestVector struct { |
| |
| // A brief description of the test case |
| Comment string `json:"comment,omitempty"` |
| |
| // the raw ciphertext (without IV) |
| Ct string `json:"ct,omitempty"` |
| |
| // A list of flags |
| Flags []string `json:"flags,omitempty"` |
| |
| // the initialization vector |
| Iv string `json:"iv,omitempty"` |
| |
| // the key |
| Key string `json:"key,omitempty"` |
| |
| // the plaintext |
| Msg string `json:"msg,omitempty"` |
| |
| // Test result |
| Result string `json:"result,omitempty"` |
| |
| // Identifier of the test case |
| TcId int `json:"tcId,omitempty"` |
| } |
| |
| // Notes a description of the labels used in the test vectors |
| type Notes struct { |
| } |
| |
| // IndCpaTestGroup |
| type IndCpaTestGroup struct { |
| |
| // the IV size in bits |
| IvSize int `json:"ivSize,omitempty"` |
| |
| // the keySize in bits |
| KeySize int `json:"keySize,omitempty"` |
| |
| // the expected size of the tag in bits |
| TagSize int `json:"tagSize,omitempty"` |
| Tests []*IndCpaTestVector `json:"tests,omitempty"` |
| Type interface{} `json:"type,omitempty"` |
| } |
| |
| // Root |
| type Root struct { |
| |
| // the primitive tested in the test file |
| Algorithm string `json:"algorithm,omitempty"` |
| |
| // the version of the test vectors. |
| GeneratorVersion string `json:"generatorVersion,omitempty"` |
| |
| // additional documentation |
| Header []string `json:"header,omitempty"` |
| |
| // a description of the labels used in the test vectors |
| Notes *Notes `json:"notes,omitempty"` |
| |
| // the number of test vectors in this test |
| NumberOfTests int `json:"numberOfTests,omitempty"` |
| Schema interface{} `json:"schema,omitempty"` |
| TestGroups []*IndCpaTestGroup `json:"testGroups,omitempty"` |
| } |
| |
| var root Root |
| readTestVector(t, "aes_cbc_pkcs5_test.json", &root) |
| for _, tg := range root.TestGroups { |
| tests: |
| for _, tv := range tg.Tests { |
| block, err := aes.NewCipher(decodeHex(tv.Key)) |
| if err != nil { |
| t.Fatalf("#%d: %v", tv.TcId, err) |
| } |
| mode := cipher.NewCBCDecrypter(block, decodeHex(tv.Iv)) |
| ct := decodeHex(tv.Ct) |
| if len(ct)%aes.BlockSize != 0 { |
| panic(fmt.Sprintf("#%d: ciphertext is not a multiple of the block size", tv.TcId)) |
| } |
| mode.CryptBlocks(ct, ct) // decrypt the block in place |
| |
| // Skip the tests that are broken due to bad padding. Panic if there are any |
| // tests left that are invalid for some other reason in the future, to |
| // evaluate what to do with those tests. |
| for _, flag := range tv.Flags { |
| if flag == "BadPadding" { |
| continue tests |
| } |
| } |
| if !shouldPass(tv.Result, tv.Flags, nil) { |
| panic(fmt.Sprintf("#%d: found an invalid test that is broken for some reason other than bad padding", tv.TcId)) |
| } |
| |
| // Remove the PKCS#5 padding from the given ciphertext to validate it |
| padding := ct[len(ct)-1] |
| paddingNum := int(padding) |
| for i := paddingNum; i > 0; i-- { |
| if ct[len(ct)-i] != padding { // panic if the padding is unexpectedly bad |
| panic(fmt.Sprintf("#%d: bad padding at index=%d of %v", tv.TcId, i, ct)) |
| } |
| } |
| ct = ct[:len(ct)-paddingNum] |
| |
| if got, want := hex.EncodeToString(ct), tv.Msg; got != want { |
| t.Errorf("#%d, type: %s, comment: %q, decoded ciphertext not equal: %s, want %s", tv.TcId, tv.Result, tv.Comment, got, want) |
| } |
| } |
| } |
| } |
