| // Copyright 2019 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package wycheproof |
| |
| import ( |
| "crypto/cipher" |
| "encoding/hex" |
| "testing" |
| |
| "golang.org/x/crypto/chacha20poly1305" |
| ) |
| |
| func TestChaCha20Poly1305(t *testing.T) { |
| // AeadTestVector |
| type AeadTestVector struct { |
| |
| // additional authenticated data |
| Aad string `json:"aad,omitempty"` |
| |
| // A brief description of the test case |
| Comment string `json:"comment,omitempty"` |
| |
| // the ciphertext (without iv and tag) |
| Ct string `json:"ct,omitempty"` |
| |
| // A list of flags |
| Flags []string `json:"flags,omitempty"` |
| |
| // the nonce |
| Iv string `json:"iv,omitempty"` |
| |
| // the key |
| Key string `json:"key,omitempty"` |
| |
| // the plaintext |
| Msg string `json:"msg,omitempty"` |
| |
| // Test result |
| Result string `json:"result,omitempty"` |
| |
| // the authentication tag |
| Tag string `json:"tag,omitempty"` |
| |
| // Identifier of the test case |
| TcId int `json:"tcId,omitempty"` |
| } |
| |
| // Notes a description of the labels used in the test vectors |
| type Notes struct { |
| } |
| |
| // AeadTestGroup |
| type AeadTestGroup struct { |
| |
| // the IV size in bits |
| IvSize int `json:"ivSize,omitempty"` |
| |
| // the keySize in bits |
| KeySize int `json:"keySize,omitempty"` |
| |
| // the expected size of the tag in bits |
| TagSize int `json:"tagSize,omitempty"` |
| Tests []*AeadTestVector `json:"tests,omitempty"` |
| Type interface{} `json:"type,omitempty"` |
| } |
| |
| // Root |
| type Root struct { |
| |
| // the primitive tested in the test file |
| Algorithm string `json:"algorithm,omitempty"` |
| |
| // the version of the test vectors. |
| GeneratorVersion string `json:"generatorVersion,omitempty"` |
| |
| // additional documentation |
| Header []string `json:"header,omitempty"` |
| |
| // a description of the labels used in the test vectors |
| Notes *Notes `json:"notes,omitempty"` |
| |
| // the number of test vectors in this test |
| NumberOfTests int `json:"numberOfTests,omitempty"` |
| Schema interface{} `json:"schema,omitempty"` |
| TestGroups []*AeadTestGroup `json:"testGroups,omitempty"` |
| } |
| |
| testAeadSealOpen := func(t *testing.T, aead cipher.AEAD, tv *AeadTestVector, recoverBadNonce func()) { |
| defer recoverBadNonce() |
| |
| // Encrypt the message, then decrypt the new ciphertext and validate |
| // the decrypted message. |
| ciphertext := aead.Seal(nil, decodeHex(tv.Iv), decodeHex(tv.Msg), decodeHex(tv.Aad)) |
| msg, err := aead.Open(nil, decodeHex(tv.Iv), ciphertext, decodeHex(tv.Aad)) |
| if err != nil { |
| t.Fatalf("#%d: decryption failed: %v", tv.TcId, err) |
| } |
| if got, want := hex.EncodeToString(msg), tv.Msg; got != want { |
| t.Errorf("#%d: bad message after encrypting and decrypting: %s, want %v", tv.TcId, got, want) |
| } |
| |
| // Decrypt the provided ciphertext and validate the decrypted message. |
| tv.Ct += tv.Tag // append the tag to the ciphertext |
| msg2, err := aead.Open(nil, decodeHex(tv.Iv), decodeHex(tv.Ct), decodeHex(tv.Aad)) |
| wantPass := shouldPass(tv.Result, tv.Flags, nil) |
| if wantPass { |
| if err != nil { |
| t.Errorf("#%d, type: %s, comment: %q, decryption wanted success, got err: %v", tv.TcId, tv.Result, tv.Comment, err) |
| } |
| if got, want := hex.EncodeToString(ciphertext), tv.Ct; got != want { |
| t.Errorf("#%d: ciphertext doesn't match: %s, want=%s", tv.TcId, got, want) |
| } |
| if got, want := hex.EncodeToString(msg2), tv.Msg; got != want { |
| t.Errorf("#%d: bad message after decrypting ciphertext: %s, want %v", tv.TcId, got, want) |
| } |
| } else { |
| if err == nil { |
| t.Errorf("#%d, type: %s, comment: %q, decryption wanted error", tv.TcId, tv.Result, tv.Comment) |
| } |
| } |
| } |
| |
| var root Root |
| readTestVector(t, "chacha20_poly1305_test.json", &root) |
| for _, tg := range root.TestGroups { |
| for _, tv := range tg.Tests { |
| aead, err := chacha20poly1305.New(decodeHex(tv.Key)) |
| if err != nil { |
| t.Fatalf("#%d: %v", tv.TcId, err) |
| } |
| if tg.TagSize/8 != aead.Overhead() { |
| t.Fatalf("#%d: bad tag length", tv.TcId) |
| } |
| testAeadSealOpen(t, aead, tv, func() { |
| // A bad nonce causes a panic in AEAD.Seal and AEAD.Open, |
| // so should be recovered. Fail the test if it broke for |
| // some other reason. |
| if r := recover(); r != nil { |
| if tg.IvSize/8 == chacha20poly1305.NonceSize { |
| t.Errorf("#%d: unexpected panic", tv.TcId) |
| } |
| } |
| }) |
| } |
| } |
| } |