net/quic/crypto/chacha20_poly1305_decrypter_test.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/chacha20_poly1305_decrypter.h"
   6
   7 #include "net/quic/test_tools/quic_test_utils.h"
   8
   9 using base::StringPiece;
  10 using std::string;
  11
  12 namespace {
  13
  14 // The test vectors come from draft-agl-tls-chacha20poly1305-04 Section 7.
  15
  16 // Each test vector consists of six strings of lowercase hexadecimal digits.
  17 // The strings may be empty (zero length). A test vector with a NULL |key|
  18 // marks the end of an array of test vectors.
  19 struct TestVector {
  20   // Input:
  21   const char* key;
  22   const char* iv;
  23   const char* aad;
  24   const char* ct;
  25
  26   // Expected output:
  27   const char* pt;  // An empty string "" means decryption succeeded and
  28                    // the plaintext is zero-length. NULL means decryption
  29                    // failed.
  30 };
  31
  32 const TestVector test_vectors[] = {
  33   { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
  34         "0a1007",
  35     "cd7cf67be39c794a",
  36     "87e229d4500845a079c0",
  37     "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475",  // "3896e1d6" truncated.
  38     "86d09974840bded2a5ca"
  39   },
  40   // Modify the ciphertext (ChaCha20 encryption output).
  41   { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
  42         "0a1007",
  43     "cd7cf67be39c794a",
  44     "87e229d4500845a079c0",
  45     "f3e446f7ede9a19b62a4677dabf4e3d24b876bb28475",  // "3896e1d6" truncated.
  46     NULL  // FAIL
  47   },
  48   // Modify the ciphertext (Poly1305 authenticator).
  49   { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
  50         "0a1007",
  51     "cd7cf67be39c794a",
  52     "87e229d4500845a079c0",
  53     "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28476",  // "3896e1d6" truncated.
  54     NULL  // FAIL
  55   },
  56   // Modify the associated data.
  57   { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
  58         "0a1007",
  59     "dd7cf67be39c794a",
  60     "87e229d4500845a079c0",
  61     "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475",  // "3896e1d6" truncated.
  62     NULL  // FAIL
  63   },
  64   { NULL }
  65 };
  66
  67 }  // namespace
  68
  69 namespace net {
  70 namespace test {
  71
  72 // DecryptWithNonce wraps the |Decrypt| method of |decrypter| to allow passing
  73 // in an nonce and also to allocate the buffer needed for the plaintext.
  74 QuicData* DecryptWithNonce(ChaCha20Poly1305Decrypter* decrypter,
  75                            StringPiece nonce,
  76                            StringPiece associated_data,
  77                            StringPiece ciphertext) {
  78   QuicPacketNumber packet_number;
  79   StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number));
  80   decrypter->SetNoncePrefix(nonce_prefix);
  81   memcpy(&packet_number, nonce.data() + nonce_prefix.size(),
  82          sizeof(packet_number));
  83   scoped_ptr<char[]> output(new char[ciphertext.length()]);
  84   size_t output_length = 0;
  85   const bool success = decrypter->DecryptPacket(
  86       packet_number, associated_data, ciphertext, output.get(), &output_length,
  87       ciphertext.length());
  88   if (!success) {
  89     return nullptr;
  90   }
  91   return new QuicData(output.release(), output_length, true);
  92 }
  93
  94 TEST(ChaCha20Poly1305DecrypterTest, Decrypt) {
  95   if (!ChaCha20Poly1305Decrypter::IsSupported()) {
  96     LOG(INFO) << "ChaCha20+Poly1305 not supported. Test skipped.";
  97     return;
  98   }
  99
 100   for (size_t i = 0; test_vectors[i].key != nullptr; i++) {
 101     // If not present then decryption is expected to fail.
 102     bool has_pt = test_vectors[i].pt;
 103
 104     // Decode the test vector.
 105     string key;
 106     string iv;
 107     string aad;
 108     string ct;
 109     string pt;
 110     ASSERT_TRUE(DecodeHexString(test_vectors[i].key, &key));
 111     ASSERT_TRUE(DecodeHexString(test_vectors[i].iv, &iv));
 112     ASSERT_TRUE(DecodeHexString(test_vectors[i].aad, &aad));
 113     ASSERT_TRUE(DecodeHexString(test_vectors[i].ct, &ct));
 114     if (has_pt) {
 115       ASSERT_TRUE(DecodeHexString(test_vectors[i].pt, &pt));
 116     }
 117
 118     ChaCha20Poly1305Decrypter decrypter;
 119     ASSERT_TRUE(decrypter.SetKey(key));
 120     scoped_ptr<QuicData> decrypted(DecryptWithNonce(
 121         &decrypter, iv,
 122         // This deliberately tests that the decrypter can handle an AAD that
 123         // is set to nullptr, as opposed to a zero-length, non-nullptr pointer.
 124         StringPiece(aad.length() ? aad.data() : nullptr, aad.length()), ct));
 125     if (!decrypted.get()) {
 126       EXPECT_FALSE(has_pt);
 127       continue;
 128     }
 129     EXPECT_TRUE(has_pt);
 130
 131     ASSERT_EQ(pt.length(), decrypted->length());
 132     test::CompareCharArraysWithHexError("plaintext", decrypted->data(),
 133                                         pt.length(), pt.data(), pt.length());
 134   }
 135 }
 136
 137 }  // namespace test
 138 }  // namespace net