net/quic/crypto/chacha20_poly1305_decrypter_test.cc - Issue 1854273002: Remove the non-RFC 7539 variants of ChaCha20Poly1305 crypters in QUIC

Side by Side Diff: net/quic/crypto/chacha20_poly1305_decrypter_test.cc

Issue 1854273002: Remove the non-RFC 7539 variants of ChaCha20Poly1305 crypters in QUIC (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "net/quic/crypto/chacha20_poly1305_decrypter.h"

6

7 #include "net/quic/quic_flags.h"

8 #include "net/quic/test_tools/quic_test_utils.h"

9

10 using base::StringPiece;

11 using std::string;

12

13 namespace {

14

15 // The test vectors come from draft-agl-tls-chacha20poly1305-04 Section 7.

16

17 // Each test vector consists of six strings of lowercase hexadecimal digits.

18 // The strings may be empty (zero length). A test vector with a nullptr \|key\|

19 // marks the end of an array of test vectors.

20 struct TestVector {

21 // Input:

22 const char* key;

23 const char* iv;

24 const char* aad;

25 const char* ct;

26

27 // Expected output:

28 const char* pt; // An empty string "" means decryption succeeded and

29 // the plaintext is zero-length. NULL means decryption

30 // failed.

31 };

32

33 const TestVector test_vectors[] = {

34 {"4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"

35 "0a1007",

36 "cd7cf67be39c794a", "87e229d4500845a079c0",

37 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6" truncated.

38 "86d09974840bded2a5ca"},

39 // Modify the ciphertext (ChaCha20 encryption output).

40 {

41 "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"

42 "0a1007",

43 "cd7cf67be39c794a", "87e229d4500845a079c0",

44 "f3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6"

45 // truncated.

46 nullptr // FAIL

47 },

48 // Modify the ciphertext (Poly1305 authenticator).

49 {

50 "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"

51 "0a1007",

52 "cd7cf67be39c794a", "87e229d4500845a079c0",

53 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28476", // "3896e1d6"

54 // truncated.

55 nullptr // FAIL

56 },

57 // Modify the associated data.

58 {

59 "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"

60 "0a1007",

61 "dd7cf67be39c794a", "87e229d4500845a079c0",

62 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6"

63 // truncated.

64 nullptr // FAIL

65 },

66 {nullptr}};

67

68 } // namespace

69

70 namespace net {

71 namespace test {

72

73 // DecryptWithNonce wraps the \|Decrypt\| method of \|decrypter\| to allow passing

74 // in an nonce and also to allocate the buffer needed for the plaintext.

75 QuicData* DecryptWithNonce(ChaCha20Poly1305Decrypter* decrypter,

76 StringPiece nonce,

77 StringPiece associated_data,

78 StringPiece ciphertext) {

79 QuicPathId path_id = kDefaultPathId;

80 QuicPacketNumber packet_number;

81 StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number));

82 decrypter->SetNoncePrefix(nonce_prefix);

83 memcpy(&packet_number, nonce.data() + nonce_prefix.size(),

84 sizeof(packet_number));

85 path_id = static_cast<QuicPathId>(

86 packet_number >> 8 * (sizeof(packet_number) - sizeof(path_id)));

87 packet_number &= UINT64_C(0x00FFFFFFFFFFFFFF);

88 scoped_ptr<char[]> output(new char[ciphertext.length()]);

89 size_t output_length = 0;

90 const bool success = decrypter->DecryptPacket(

91 path_id, packet_number, associated_data, ciphertext, output.get(),

92 &output_length, ciphertext.length());

93 if (!success) {

94 return nullptr;

95 }

96 return new QuicData(output.release(), output_length, true);

97 }

98

99 TEST(ChaCha20Poly1305DecrypterTest, Decrypt) {

100 for (size_t i = 0; test_vectors[i].key != nullptr; i++) {

101 // If not present then decryption is expected to fail.

102 bool has_pt = test_vectors[i].pt;

103

104 // Decode the test vector.

105 string key;

106 string iv;

107 string aad;

108 string ct;

109 string pt;

110 ASSERT_TRUE(DecodeHexString(test_vectors[i].key, &key));

111 ASSERT_TRUE(DecodeHexString(test_vectors[i].iv, &iv));

112 ASSERT_TRUE(DecodeHexString(test_vectors[i].aad, &aad));

113 ASSERT_TRUE(DecodeHexString(test_vectors[i].ct, &ct));

114 if (has_pt) {

115 ASSERT_TRUE(DecodeHexString(test_vectors[i].pt, &pt));

116 }

117

118 ChaCha20Poly1305Decrypter decrypter;

119 ASSERT_TRUE(decrypter.SetKey(key));

120 scoped_ptr<QuicData> decrypted(DecryptWithNonce(

121 &decrypter, iv,

122 // This deliberately tests that the decrypter can handle an AAD that

123 // is set to nullptr, as opposed to a zero-length, non-nullptr pointer.

124 StringPiece(aad.length() ? aad.data() : nullptr, aad.length()), ct));

125 if (!decrypted.get()) {

126 EXPECT_FALSE(has_pt);

127 continue;

128 }

129 EXPECT_TRUE(has_pt);

130

131 ASSERT_EQ(pt.length(), decrypted->length());

132 test::CompareCharArraysWithHexError("plaintext", decrypted->data(),

133 pt.length(), pt.data(), pt.length());

134 }

135 }

136

137 } // namespace test

138 } // namespace net

OLD	NEW

« net/BUILD.gn ('K') | « net/quic/crypto/chacha20_poly1305_decrypter_openssl.cc ('k') | net/quic/crypto/chacha20_poly1305_encrypter_nss.cc » ('j') | net/quic/crypto/crypto_protocol.h » ('J')