OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/quic/crypto/chacha20_poly1305_decrypter.h" | |
6 | |
7 #include "net/quic/quic_flags.h" | |
8 #include "net/quic/test_tools/quic_test_utils.h" | |
9 | |
10 using base::StringPiece; | |
11 using std::string; | |
12 | |
13 namespace { | |
14 | |
15 // The test vectors come from draft-agl-tls-chacha20poly1305-04 Section 7. | |
16 | |
17 // Each test vector consists of six strings of lowercase hexadecimal digits. | |
18 // The strings may be empty (zero length). A test vector with a nullptr |key| | |
19 // marks the end of an array of test vectors. | |
20 struct TestVector { | |
21 // Input: | |
22 const char* key; | |
23 const char* iv; | |
24 const char* aad; | |
25 const char* ct; | |
26 | |
27 // Expected output: | |
28 const char* pt; // An empty string "" means decryption succeeded and | |
29 // the plaintext is zero-length. NULL means decryption | |
30 // failed. | |
31 }; | |
32 | |
33 const TestVector test_vectors[] = { | |
34 {"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110" | |
35 "0a1007", | |
36 "cd7cf67be39c794a", "87e229d4500845a079c0", | |
37 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6" truncated. | |
38 "86d09974840bded2a5ca"}, | |
39 // Modify the ciphertext (ChaCha20 encryption output). | |
40 { | |
41 "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110" | |
42 "0a1007", | |
43 "cd7cf67be39c794a", "87e229d4500845a079c0", | |
44 "f3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6" | |
45 // truncated. | |
46 nullptr // FAIL | |
47 }, | |
48 // Modify the ciphertext (Poly1305 authenticator). | |
49 { | |
50 "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110" | |
51 "0a1007", | |
52 "cd7cf67be39c794a", "87e229d4500845a079c0", | |
53 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28476", // "3896e1d6" | |
54 // truncated. | |
55 nullptr // FAIL | |
56 }, | |
57 // Modify the associated data. | |
58 { | |
59 "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110" | |
60 "0a1007", | |
61 "dd7cf67be39c794a", "87e229d4500845a079c0", | |
62 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6" | |
63 // truncated. | |
64 nullptr // FAIL | |
65 }, | |
66 {nullptr}}; | |
67 | |
68 } // namespace | |
69 | |
70 namespace net { | |
71 namespace test { | |
72 | |
73 // DecryptWithNonce wraps the |Decrypt| method of |decrypter| to allow passing | |
74 // in an nonce and also to allocate the buffer needed for the plaintext. | |
75 QuicData* DecryptWithNonce(ChaCha20Poly1305Decrypter* decrypter, | |
76 StringPiece nonce, | |
77 StringPiece associated_data, | |
78 StringPiece ciphertext) { | |
79 QuicPathId path_id = kDefaultPathId; | |
80 QuicPacketNumber packet_number; | |
81 StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number)); | |
82 decrypter->SetNoncePrefix(nonce_prefix); | |
83 memcpy(&packet_number, nonce.data() + nonce_prefix.size(), | |
84 sizeof(packet_number)); | |
85 path_id = static_cast<QuicPathId>( | |
86 packet_number >> 8 * (sizeof(packet_number) - sizeof(path_id))); | |
87 packet_number &= UINT64_C(0x00FFFFFFFFFFFFFF); | |
88 scoped_ptr<char[]> output(new char[ciphertext.length()]); | |
89 size_t output_length = 0; | |
90 const bool success = decrypter->DecryptPacket( | |
91 path_id, packet_number, associated_data, ciphertext, output.get(), | |
92 &output_length, ciphertext.length()); | |
93 if (!success) { | |
94 return nullptr; | |
95 } | |
96 return new QuicData(output.release(), output_length, true); | |
97 } | |
98 | |
99 TEST(ChaCha20Poly1305DecrypterTest, Decrypt) { | |
100 for (size_t i = 0; test_vectors[i].key != nullptr; i++) { | |
101 // If not present then decryption is expected to fail. | |
102 bool has_pt = test_vectors[i].pt; | |
103 | |
104 // Decode the test vector. | |
105 string key; | |
106 string iv; | |
107 string aad; | |
108 string ct; | |
109 string pt; | |
110 ASSERT_TRUE(DecodeHexString(test_vectors[i].key, &key)); | |
111 ASSERT_TRUE(DecodeHexString(test_vectors[i].iv, &iv)); | |
112 ASSERT_TRUE(DecodeHexString(test_vectors[i].aad, &aad)); | |
113 ASSERT_TRUE(DecodeHexString(test_vectors[i].ct, &ct)); | |
114 if (has_pt) { | |
115 ASSERT_TRUE(DecodeHexString(test_vectors[i].pt, &pt)); | |
116 } | |
117 | |
118 ChaCha20Poly1305Decrypter decrypter; | |
119 ASSERT_TRUE(decrypter.SetKey(key)); | |
120 scoped_ptr<QuicData> decrypted(DecryptWithNonce( | |
121 &decrypter, iv, | |
122 // This deliberately tests that the decrypter can handle an AAD that | |
123 // is set to nullptr, as opposed to a zero-length, non-nullptr pointer. | |
124 StringPiece(aad.length() ? aad.data() : nullptr, aad.length()), ct)); | |
125 if (!decrypted.get()) { | |
126 EXPECT_FALSE(has_pt); | |
127 continue; | |
128 } | |
129 EXPECT_TRUE(has_pt); | |
130 | |
131 ASSERT_EQ(pt.length(), decrypted->length()); | |
132 test::CompareCharArraysWithHexError("plaintext", decrypted->data(), | |
133 pt.length(), pt.data(), pt.length()); | |
134 } | |
135 } | |
136 | |
137 } // namespace test | |
138 } // namespace net | |
OLD | NEW |