Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 1 | // Copyright 2023, The Android Open Source Project |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
Alice Wang | 78b35f8 | 2023-10-06 11:57:35 +0000 | [diff] [blame] | 15 | use bssl_avf::{Aead, AeadContext, ApiName, CipherError, Error, ReasonCode, Result}; |
Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 16 | |
| 17 | /// The following vectors are generated randomly with: |
| 18 | /// `hexdump -vn32 -e'32/1 "0x%02x, " 1 "\n"' /dev/urandom` |
| 19 | const KEY1: [u8; 32] = [ |
| 20 | 0xdb, 0x16, 0xcc, 0xbf, 0xf0, 0xc4, 0xbc, 0x93, 0xc3, 0x5f, 0x11, 0xc5, 0xfa, 0xae, 0x03, 0x6c, |
| 21 | 0x75, 0x40, 0x1f, 0x60, 0xb6, 0x3e, 0xb9, 0x2a, 0x6c, 0x84, 0x06, 0x4b, 0x36, 0x7f, 0xed, 0xdb, |
| 22 | ]; |
| 23 | const KEY2: [u8; 32] = [ |
| 24 | 0xaa, 0x57, 0x7a, 0x1a, 0x8b, 0xa2, 0x59, 0x3b, 0xad, 0x5f, 0x4d, 0x29, 0xe1, 0x0c, 0xaa, 0x85, |
| 25 | 0xde, 0xf9, 0xad, 0xad, 0x8c, 0x11, 0x0c, 0x2e, 0x13, 0x43, 0xd7, 0xdf, 0x2a, 0x43, 0xb9, 0xdd, |
| 26 | ]; |
| 27 | /// The following vectors are generated randomly with: |
| 28 | /// Generated with `hexdump -vn12 -e'12/1 "0x%02x, " 1 "\n"' /dev/urandom` |
| 29 | const AES_256_GCM_NONCE1: [u8; 12] = |
| 30 | [0x56, 0x96, 0x73, 0xe1, 0xc6, 0x3d, 0xca, 0x9a, 0x2f, 0xad, 0x3b, 0xeb]; |
| 31 | const AES_256_GCM_NONCE2: [u8; 12] = |
| 32 | [0xa0, 0x27, 0xea, 0x3a, 0x29, 0xfa, 0x8a, 0x49, 0x35, 0x07, 0x32, 0xec]; |
| 33 | const MESSAGE: &[u8] = b"aead_aes_256_gcm test message"; |
| 34 | |
| 35 | #[test] |
| 36 | fn aes_256_gcm_encrypts_and_decrypts_successfully() -> Result<()> { |
| 37 | let ciphertext = aes_256_gcm_encrypt(MESSAGE)?; |
| 38 | let tag_len = None; |
| 39 | |
| 40 | let ad = &[]; |
Alice Wang | 78b35f8 | 2023-10-06 11:57:35 +0000 | [diff] [blame] | 41 | let aead_ctx = AeadContext::new(Aead::aes_256_gcm(), &KEY1, tag_len)?; |
Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 42 | let mut out = vec![0u8; ciphertext.len()]; |
| 43 | |
| 44 | let plaintext = aead_ctx.open(&ciphertext, &AES_256_GCM_NONCE1, ad, &mut out)?; |
| 45 | |
| 46 | assert_eq!(MESSAGE, plaintext); |
| 47 | Ok(()) |
| 48 | } |
| 49 | |
| 50 | #[test] |
| 51 | fn aes_256_gcm_fails_to_encrypt_with_invalid_nonce() -> Result<()> { |
| 52 | let tag_len = None; |
Alice Wang | 78b35f8 | 2023-10-06 11:57:35 +0000 | [diff] [blame] | 53 | let aead_ctx = AeadContext::new(Aead::aes_256_gcm(), &KEY1, tag_len)?; |
Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 54 | let nonce = &[]; |
| 55 | let ad = &[]; |
| 56 | let mut out = vec![0u8; MESSAGE.len() + aead_ctx.aead().max_overhead()]; |
| 57 | |
| 58 | let err = aead_ctx.seal(MESSAGE, nonce, ad, &mut out).unwrap_err(); |
| 59 | |
| 60 | let expected_err = Error::CallFailed( |
| 61 | ApiName::EVP_AEAD_CTX_seal, |
| 62 | ReasonCode::Cipher(CipherError::InvalidNonceSize), |
| 63 | ); |
| 64 | assert_eq!(expected_err, err); |
| 65 | Ok(()) |
| 66 | } |
| 67 | |
| 68 | #[test] |
| 69 | fn aes_256_gcm_fails_to_decrypt_with_wrong_key() -> Result<()> { |
| 70 | let ciphertext = aes_256_gcm_encrypt(MESSAGE)?; |
| 71 | let tag_len = None; |
| 72 | |
| 73 | let ad = &[]; |
Alice Wang | 78b35f8 | 2023-10-06 11:57:35 +0000 | [diff] [blame] | 74 | let aead_ctx2 = AeadContext::new(Aead::aes_256_gcm(), &KEY2, tag_len)?; |
Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 75 | let mut plaintext = vec![0u8; ciphertext.len()]; |
| 76 | |
| 77 | let err = aead_ctx2.open(&ciphertext, &AES_256_GCM_NONCE1, ad, &mut plaintext).unwrap_err(); |
| 78 | |
| 79 | let expected_err = |
| 80 | Error::CallFailed(ApiName::EVP_AEAD_CTX_open, ReasonCode::Cipher(CipherError::BadDecrypt)); |
| 81 | assert_eq!(expected_err, err); |
| 82 | Ok(()) |
| 83 | } |
| 84 | |
| 85 | #[test] |
| 86 | fn aes_256_gcm_fails_to_decrypt_with_different_ad() -> Result<()> { |
| 87 | let ciphertext = aes_256_gcm_encrypt(MESSAGE)?; |
| 88 | let tag_len = None; |
| 89 | |
| 90 | let ad2 = &[1]; |
Alice Wang | 78b35f8 | 2023-10-06 11:57:35 +0000 | [diff] [blame] | 91 | let aead_ctx = AeadContext::new(Aead::aes_256_gcm(), &KEY1, tag_len)?; |
Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 92 | let mut plaintext = vec![0u8; ciphertext.len()]; |
| 93 | |
| 94 | let err = aead_ctx.open(&ciphertext, &AES_256_GCM_NONCE1, ad2, &mut plaintext).unwrap_err(); |
| 95 | |
| 96 | let expected_err = |
| 97 | Error::CallFailed(ApiName::EVP_AEAD_CTX_open, ReasonCode::Cipher(CipherError::BadDecrypt)); |
| 98 | assert_eq!(expected_err, err); |
| 99 | Ok(()) |
| 100 | } |
| 101 | |
| 102 | #[test] |
| 103 | fn aes_256_gcm_fails_to_decrypt_with_different_nonce() -> Result<()> { |
| 104 | let ciphertext = aes_256_gcm_encrypt(MESSAGE)?; |
| 105 | let tag_len = None; |
| 106 | |
| 107 | let ad = &[]; |
Alice Wang | 78b35f8 | 2023-10-06 11:57:35 +0000 | [diff] [blame] | 108 | let aead_ctx = AeadContext::new(Aead::aes_256_gcm(), &KEY1, tag_len)?; |
Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 109 | let mut plaintext = vec![0u8; ciphertext.len()]; |
| 110 | |
| 111 | let err = aead_ctx.open(&ciphertext, &AES_256_GCM_NONCE2, ad, &mut plaintext).unwrap_err(); |
| 112 | |
| 113 | let expected_err = |
| 114 | Error::CallFailed(ApiName::EVP_AEAD_CTX_open, ReasonCode::Cipher(CipherError::BadDecrypt)); |
| 115 | assert_eq!(expected_err, err); |
| 116 | Ok(()) |
| 117 | } |
| 118 | |
| 119 | #[test] |
| 120 | fn aes_256_gcm_fails_to_decrypt_corrupted_ciphertext() -> Result<()> { |
| 121 | let mut ciphertext = aes_256_gcm_encrypt(MESSAGE)?; |
| 122 | ciphertext[1] = !ciphertext[1]; |
| 123 | let tag_len = None; |
| 124 | |
| 125 | let ad = &[]; |
Alice Wang | 78b35f8 | 2023-10-06 11:57:35 +0000 | [diff] [blame] | 126 | let aead_ctx = AeadContext::new(Aead::aes_256_gcm(), &KEY1, tag_len)?; |
Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 127 | let mut plaintext = vec![0u8; ciphertext.len()]; |
| 128 | |
| 129 | let err = aead_ctx.open(&ciphertext, &AES_256_GCM_NONCE1, ad, &mut plaintext).unwrap_err(); |
| 130 | |
| 131 | let expected_err = |
| 132 | Error::CallFailed(ApiName::EVP_AEAD_CTX_open, ReasonCode::Cipher(CipherError::BadDecrypt)); |
| 133 | assert_eq!(expected_err, err); |
| 134 | Ok(()) |
| 135 | } |
| 136 | |
| 137 | fn aes_256_gcm_encrypt(message: &[u8]) -> Result<Vec<u8>> { |
| 138 | let tag_len = None; |
Alice Wang | 78b35f8 | 2023-10-06 11:57:35 +0000 | [diff] [blame] | 139 | let aead_ctx = AeadContext::new(Aead::aes_256_gcm(), &KEY1, tag_len)?; |
Alice Wang | 69b088f | 2023-09-27 12:54:05 +0000 | [diff] [blame] | 140 | let mut out = vec![0u8; message.len() + aead_ctx.aead().max_overhead()]; |
| 141 | |
| 142 | assert_eq!(aead_ctx.aead().nonce_length(), AES_256_GCM_NONCE1.len()); |
| 143 | let ad = &[]; |
| 144 | |
| 145 | let ciphertext = aead_ctx.seal(message, &AES_256_GCM_NONCE1, ad, &mut out)?; |
| 146 | assert_ne!(message, ciphertext); |
| 147 | Ok(ciphertext.to_vec()) |
| 148 | } |