net/quic/crypto/chacha20_poly1305_decrypter_test.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/chacha20_poly1305_decrypter.h"
   6
   7 #include "net/quic/test_tools/quic_test_utils.h"
   8
   9 using base::StringPiece;
  10 using std::string;
  11
  12 namespace {
  13
  14 // The test vectors come from draft-agl-tls-chacha20poly1305-04 Section 7.
  15
  16 // Each test vector consists of six strings of lowercase hexadecimal digits.
  17 // The strings may be empty (zero length). A test vector with a NULL |key|
  18 // marks the end of an array of test vectors.
  19 struct TestVector {
  20   // Input:
  21   const char* key;
  22   const char* iv;
  23   const char* aad;
  24   const char* ct;
  25
  26   // Expected output:
  27   const char* pt;  // An empty string "" means decryption succeeded and
  28                    // the plaintext is zero-length. NULL means decryption
  29                    // failed.
  30 };
  31
  32 const TestVector test_vectors[] = {
  33   { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
  34         "0a1007",
  35     "cd7cf67be39c794a",
  36     "87e229d4500845a079c0",
  37     "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475",  // "3896e1d6" truncated.
  38     "86d09974840bded2a5ca"
  39   },
  40   // Modify the ciphertext (ChaCha20 encryption output).
  41   { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
  42         "0a1007",
  43     "cd7cf67be39c794a",
  44     "87e229d4500845a079c0",
  45     "f3e446f7ede9a19b62a4677dabf4e3d24b876bb28475",  // "3896e1d6" truncated.
  46     NULL  // FAIL
  47   },
  48   // Modify the ciphertext (Poly1305 authenticator).
  49   { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
  50         "0a1007",
  51     "cd7cf67be39c794a",
  52     "87e229d4500845a079c0",
  53     "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28476",  // "3896e1d6" truncated.
  54     NULL  // FAIL
  55   },
  56   // Modify the associated data.
  57   { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
  58         "0a1007",
  59     "dd7cf67be39c794a",
  60     "87e229d4500845a079c0",
  61     "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475",  // "3896e1d6" truncated.
  62     NULL  // FAIL
  63   },
  64   { NULL }
  65 };
  66
  67 }  // namespace
  68
  69 namespace net {
  70 namespace test {
  71
  72 // DecryptWithNonce wraps the |Decrypt| method of |decrypter| to allow passing
  73 // in an nonce and also to allocate the buffer needed for the plaintext.
  74 QuicData* DecryptWithNonce(ChaCha20Poly1305Decrypter* decrypter,
  75                            StringPiece nonce,
  76                            StringPiece associated_data,
  77                            StringPiece ciphertext) {
  78   QuicPacketSequenceNumber sequence_number;
  79   StringPiece nonce_prefix(nonce.data(),
  80                            nonce.size() - sizeof(sequence_number));
  81   decrypter->SetNoncePrefix(nonce_prefix);
  82   memcpy(&sequence_number, nonce.data() + nonce_prefix.size(),
  83          sizeof(sequence_number));
  84   scoped_ptr<char[]> output(new char[ciphertext.length()]);
  85   size_t output_length = 0;
  86   const bool success = decrypter->DecryptPacket(
  87       sequence_number, associated_data, ciphertext, output.get(),
  88       &output_length, ciphertext.length());
  89   if (!success) {
  90     return nullptr;
  91   }
  92   return new QuicData(output.release(), output_length, true);
  93 }
  94
  95 TEST(ChaCha20Poly1305DecrypterTest, Decrypt) {
  96   if (!ChaCha20Poly1305Decrypter::IsSupported()) {
  97     LOG(INFO) << "ChaCha20+Poly1305 not supported. Test skipped.";
  98     return;
  99   }
 100
 101   for (size_t i = 0; test_vectors[i].key != nullptr; i++) {
 102     // If not present then decryption is expected to fail.
 103     bool has_pt = test_vectors[i].pt;
 104
 105     // Decode the test vector.
 106     string key;
 107     string iv;
 108     string aad;
 109     string ct;
 110     string pt;
 111     ASSERT_TRUE(DecodeHexString(test_vectors[i].key, &key));
 112     ASSERT_TRUE(DecodeHexString(test_vectors[i].iv, &iv));
 113     ASSERT_TRUE(DecodeHexString(test_vectors[i].aad, &aad));
 114     ASSERT_TRUE(DecodeHexString(test_vectors[i].ct, &ct));
 115     if (has_pt) {
 116       ASSERT_TRUE(DecodeHexString(test_vectors[i].pt, &pt));
 117     }
 118
 119     ChaCha20Poly1305Decrypter decrypter;
 120     ASSERT_TRUE(decrypter.SetKey(key));
 121     scoped_ptr<QuicData> decrypted(DecryptWithNonce(
 122         &decrypter, iv,
 123         // This deliberately tests that the decrypter can handle an AAD that
 124         // is set to nullptr, as opposed to a zero-length, non-nullptr pointer.
 125         StringPiece(aad.length() ? aad.data() : nullptr, aad.length()), ct));
 126     if (!decrypted.get()) {
 127       EXPECT_FALSE(has_pt);
 128       continue;
 129     }
 130     EXPECT_TRUE(has_pt);
 131
 132     ASSERT_EQ(pt.length(), decrypted->length());
 133     test::CompareCharArraysWithHexError("plaintext", decrypted->data(),
 134                                         pt.length(), pt.data(), pt.length());
 135   }
 136 }
 137
 138 }  // namespace test
 139 }  // namespace net