Gitiles
Code Review Sign In
gerrit.named-data.net / ndncert / fd19485e0796360c699ccbcb7892ae3cecde5f61 / . / tests / unit-tests / crypto-helpers.t.cpp
blob: ff645dd6e3f764ed958d9bcf88999cbf9cac0c8b [file] [log] [blame]
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento914d05f2019-07-13 16:20:19 -0400[diff] [blame]2/*
Davide Pesavento0d1d11c2022-04-11 22:11:34 -0400[diff] [blame]3 * Copyright (c) 2017-2022, Regents of the University of California.
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]4 *
5 * This file is part of ndncert, a certificate management system based on NDN.
6 *
7 * ndncert is free software: you can redistribute it and/or modify it under the terms
8 * of the GNU General Public License as published by the Free Software Foundation, either
9 * version 3 of the License, or (at your option) any later version.
10 *
11 * ndncert is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License along with
16 * ndncert, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
17 *
18 * See AUTHORS.md for complete list of ndncert authors and contributors.
19 */
20
Zhiyi Zhangdc25ddf2020-10-20 14:28:55 -0700[diff] [blame]21#include "detail/crypto-helpers.hpp"
Davide Pesavento0d1d11c2022-04-11 22:11:34 -0400[diff] [blame]22
Davide Pesavento829aff62022-05-15 20:30:34 -0400[diff] [blame]23#include "tests/boost-test.hpp"
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]24
Davide Pesavento0d1d11c2022-04-11 22:11:34 -0400[diff] [blame]25namespace ndncert::tests {
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]26
Zhiyi Zhangb40027f2020-10-20 18:35:27 -0700[diff] [blame]27BOOST_AUTO_TEST_SUITE(TestCryptoHelpers)
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]28
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]29BOOST_AUTO_TEST_CASE(EcdhWithRawKey)
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]30{
31 ECDHState aliceState;
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]32 auto alicePub = aliceState.getSelfPubKey();
33 BOOST_CHECK(!alicePub.empty());
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]34
35 ECDHState bobState;
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]36 auto bobPub = bobState.getSelfPubKey();
37 BOOST_CHECK(!bobPub.empty());
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]38
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]39 auto aliceResult = aliceState.deriveSecret(bobPub);
40 BOOST_CHECK(!aliceResult.empty());
41 auto bobResult = bobState.deriveSecret(alicePub);
42 BOOST_CHECK(!bobResult.empty());
43 BOOST_CHECK_EQUAL_COLLECTIONS(aliceResult.begin(), aliceResult.end(), bobResult.begin(), bobResult.end());
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]44}
45
Zhiyi Zhang8da54d62019-11-21 00:03:05 -0800[diff] [blame]46BOOST_AUTO_TEST_CASE(EcdhWithRawKeyWrongInput)
47{
48 ECDHState aliceState;
Zhiyi Zhangbed854c2020-10-20 18:25:35 -0700[diff] [blame]49 auto alicePub = aliceState.getSelfPubKey();
50 BOOST_CHECK(!alicePub.empty());
Zhiyi Zhang0eb74242020-10-20 18:33:22 -0700[diff] [blame]51 std::vector<uint8_t> fakePub(10, 0x0b);
52 BOOST_CHECK_THROW(aliceState.deriveSecret(fakePub), std::runtime_error);
Zhiyi Zhang8da54d62019-11-21 00:03:05 -0800[diff] [blame]53}
54
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]55BOOST_AUTO_TEST_CASE(HmacSha256)
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]56{
Zhiyi Zhangdd308932020-10-16 21:59:06 -0700[diff] [blame]57 const uint8_t input[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
58 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
59 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
tylerliu00de2c32020-10-20 17:33:08 -0700[diff] [blame]60 const uint8_t key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]61 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c};
62 const uint8_t expected[] = {0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf,
63 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63,
64 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
65 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5};
66 uint8_t result[32];
tylerliu00de2c32020-10-20 17:33:08 -0700[diff] [blame]67 hmacSha256(input, sizeof(input), key, sizeof(key), result);
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]68 BOOST_CHECK_EQUAL_COLLECTIONS(result, result + sizeof(result), expected,
69 expected + sizeof(expected));
70}
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]71
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]72BOOST_AUTO_TEST_CASE(Hkdf1)
73{
74 // RFC5869 appendix A.1
75 const uint8_t ikm[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
76 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
77 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
78 const uint8_t salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
79 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c};
80 const uint8_t info[] = {0xf0, 0xf1, 0xf2, 0xf3, 0xf4,
81 0xf5, 0xf6, 0xf7, 0xf8, 0xf9};
82 const uint8_t expected[] = {
83 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f,
84 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a,
85 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34,
86 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65};
87 uint8_t result[42];
88 auto resultLen = hkdf(ikm, sizeof(ikm), salt, sizeof(salt), result,
89 sizeof(result), info, sizeof(info));
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]90
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]91 BOOST_CHECK_EQUAL(resultLen, sizeof(result));
92 BOOST_CHECK_EQUAL_COLLECTIONS(result, result + sizeof(result), expected,
93 expected + sizeof(expected));
94}
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]95
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]96BOOST_AUTO_TEST_CASE(Hkdf2)
97{
98 // RFC5869 appendix A.2
99 const uint8_t ikm[] = {
100 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
101 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
102 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
103 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
104 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
105 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
106 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f};
107 const uint8_t salt[] = {
108 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
109 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
110 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
111 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
112 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
113 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
114 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf};
115 const uint8_t info[] = {
116 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb,
117 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
118 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3,
119 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
120 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb,
121 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
122 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff};
123 const uint8_t expected[] = {
124 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 0xc8, 0xe7, 0xf7, 0x8c,
125 0x59, 0x6a, 0x49, 0x34, 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
126 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, 0x59, 0x04, 0x5a, 0x99,
127 0xca, 0xc7, 0x82, 0x72, 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
128 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, 0x36, 0x77, 0x93, 0xa9,
129 0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
130 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87};
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]131
Davide Pesavento368341b2019-08-13 23:57:50 -0400[diff] [blame]132 uint8_t result[82];
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]133 auto resultLen = hkdf(ikm, sizeof(ikm), salt, sizeof(salt), result,
134 sizeof(result), info, sizeof(info));
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]135
Zhiyi Zhanga2ce5992019-08-14 17:35:00 -0700[diff] [blame]136 BOOST_CHECK_EQUAL(resultLen, sizeof(result));
137 BOOST_CHECK_EQUAL_COLLECTIONS(result, result + sizeof(result), expected,
138 expected + sizeof(expected));
139}
140
141BOOST_AUTO_TEST_CASE(Hkdf3)
142{
143 // RFC5869 appendix A.3
144 const uint8_t ikm[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
145 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
146 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b};
147 const uint8_t expected[] = {
148 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, 0x80,
149 0x2a, 0x06, 0x3c, 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1,
150 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, 0x9d,
151 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8};
152 uint8_t result[42];
153
154 auto resultLen = hkdf(ikm, sizeof(ikm), nullptr, 0, result,
155 sizeof(result), nullptr, 0);
156
157 BOOST_CHECK_EQUAL(resultLen, sizeof(result));
158 BOOST_CHECK_EQUAL_COLLECTIONS(result, result + sizeof(result), expected,
159 expected + sizeof(expected));
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]160}
161
Zhiyi Zhanga67fa462020-04-19 13:48:03 -0700[diff] [blame]162BOOST_AUTO_TEST_CASE(AesGcm1)
163{
164 // Test case from NIST Cryptographic Algorithm Validation Program
165 // https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/CAVP-TESTING-BLOCK-CIPHER-MODES
166 // Count = 0
167 // Key = cf063a34d4a9a76c2c86787d3f96db71
168 // IV = 113b9785971864c83b01c787
169 // CT =
170 // AAD =
171 // Tag = 72ac8493e3a5228b5d130a69d2510e42
172 // PT =
173 const uint8_t key[] = {0xcf, 0x06, 0x3a, 0x34, 0xd4, 0xa9, 0xa7, 0x6c,
174 0x2c, 0x86, 0x78, 0x7d, 0x3f, 0x96, 0xdb, 0x71};
175 const uint8_t iv[] = {0x11, 0x3b, 0x97, 0x85, 0x97, 0x18,
176 0x64, 0xc8, 0x3b, 0x01, 0xc7, 0x87};
177 const uint8_t expected_tag[] = {0x72, 0xac, 0x84, 0x93, 0xe3, 0xa5,
178 0x22, 0x8b, 0x5d, 0x13, 0x0a, 0x69,
179 0xd2, 0x51, 0x0e, 0x42};
180
181 uint8_t ciphertext[256] = {0};
182 uint8_t tag[16] = {0};
tylerliu06aa3682020-10-12 22:03:42 -0700[diff] [blame]183 const uint8_t empty_buffer[1] = {0};
Zhiyi Zhang11cf7eb2020-10-20 15:43:36 -0700[diff] [blame]184 int size = aesGcm128Encrypt(empty_buffer, 0, empty_buffer, 0, key, iv, ciphertext, tag);
Zhiyi Zhanga67fa462020-04-19 13:48:03 -0700[diff] [blame]185 BOOST_CHECK(size == 0);
186 BOOST_CHECK_EQUAL_COLLECTIONS(tag, tag + 16, expected_tag, expected_tag + sizeof(expected_tag));
187
188 uint8_t decrypted[256] = {0};
Zhiyi Zhang11cf7eb2020-10-20 15:43:36 -0700[diff] [blame]189 size = aesGcm128Decrypt(ciphertext, size, empty_buffer, 0, tag, key, iv, decrypted);
Zhiyi Zhanga67fa462020-04-19 13:48:03 -0700[diff] [blame]190 BOOST_CHECK(size == 0);
191}
192
193BOOST_AUTO_TEST_CASE(AesGcm2)
194{
195 // Test case from NIST Cryptographic Algorithm Validation Program
196 // https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/CAVP-TESTING-BLOCK-CIPHER-MODES
197 // Count = 1
198 // Key = 2370e320d4344208e0ff5683f243b213
199 // IV = 04dbb82f044d30831c441228
200 // CT =
201 // AAD = d43a8e5089eea0d026c03a85178b27da
202 // Tag = 2a049c049d25aa95969b451d93c31c6e
203 // PT =
204 const uint8_t key[] = {0x23, 0x70, 0xe3, 0x20, 0xd4, 0x34, 0x42, 0x08,
205 0xe0, 0xff, 0x56, 0x83, 0xf2, 0x43, 0xb2, 0x13};
206 const uint8_t iv[] = {0x04, 0xdb, 0xb8, 0x2f, 0x04, 0x4d,
207 0x30, 0x83, 0x1c, 0x44, 0x12, 0x28};
208 const uint8_t aad[] = {0xd4, 0x3a, 0x8e, 0x50, 0x89, 0xee, 0xa0, 0xd0,
209 0x26, 0xc0, 0x3a, 0x85, 0x17, 0x8b, 0x27, 0xda};
210 const uint8_t expected_tag[] = {0x2a, 0x04, 0x9c, 0x04, 0x9d, 0x25,
211 0xaa, 0x95, 0x96, 0x9b, 0x45, 0x1d,
212 0x93, 0xc3, 0x1c, 0x6e};
213
214 uint8_t ciphertext[256] = {0};
215 uint8_t tag[16] = {0};
tylerliu06aa3682020-10-12 22:03:42 -0700[diff] [blame]216 const uint8_t empty_buffer[1] = {0};
Zhiyi Zhang11cf7eb2020-10-20 15:43:36 -0700[diff] [blame]217 int size = aesGcm128Encrypt(empty_buffer, 0, aad, sizeof(aad), key, iv, ciphertext, tag);
Zhiyi Zhanga67fa462020-04-19 13:48:03 -0700[diff] [blame]218 BOOST_CHECK(size == 0);
219 BOOST_CHECK_EQUAL_COLLECTIONS(tag, tag + 16, expected_tag, expected_tag + sizeof(expected_tag));
220
221 uint8_t decrypted[256] = {0};
Zhiyi Zhang11cf7eb2020-10-20 15:43:36 -0700[diff] [blame]222 size = aesGcm128Decrypt(ciphertext, size, aad, sizeof(aad), tag, key, iv, decrypted);
Zhiyi Zhanga67fa462020-04-19 13:48:03 -0700[diff] [blame]223 BOOST_CHECK(size == 0);
224}
225
226BOOST_AUTO_TEST_CASE(AesGcm3)
227{
228 // Test case from NIST Cryptographic Algorithm Validation Program
229 // https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/CAVP-TESTING-BLOCK-CIPHER-MODES
230 // Count = 0
231 // Key = bc22f3f05cc40db9311e4192966fee92
232 // IV = 134988e662343c06d3ab83db
233 // CT = 4c0168ab95d3a10ef25e5924108389365c67d97778995892d9fd46897384af61fc559212b3267e90fe4df7bfd1fbed46f4b9ee
234 // AAD = 10087e6ed81049b509c31d12fee88c64
235 // Tag = 771357958a316f166bd0dacc98ea801a
236 // PT = 337c1bc992386cf0f957617fe4d5ec1218ae1cc40369305518eb177e9b15c1646b142ff71237efaa58790080cd82e8848b295c
237 const uint8_t key[] = {0xbc, 0x22, 0xf3, 0xf0, 0x5c, 0xc4, 0x0d, 0xb9,
238 0x31, 0x1e, 0x41, 0x92, 0x96, 0x6f, 0xee, 0x92};
239 const uint8_t iv[] = {0x13, 0x49, 0x88, 0xe6, 0x62, 0x34,
240 0x3c, 0x06, 0xd3, 0xab, 0x83, 0xdb};
241 const uint8_t aad[] = {0x10, 0x08, 0x7e, 0x6e, 0xd8, 0x10, 0x49, 0xb5,
242 0x09, 0xc3, 0x1d, 0x12, 0xfe, 0xe8, 0x8c, 0x64};
243 const uint8_t expected_ciphertext[] = {
244 0x4c, 0x01, 0x68, 0xab, 0x95, 0xd3, 0xa1, 0x0e, 0xf2, 0x5e, 0x59,
245 0x24, 0x10, 0x83, 0x89, 0x36, 0x5c, 0x67, 0xd9, 0x77, 0x78, 0x99,
246 0x58, 0x92, 0xd9, 0xfd, 0x46, 0x89, 0x73, 0x84, 0xaf, 0x61, 0xfc,
247 0x55, 0x92, 0x12, 0xb3, 0x26, 0x7e, 0x90, 0xfe, 0x4d, 0xf7, 0xbf,
248 0xd1, 0xfb, 0xed, 0x46, 0xf4, 0xb9, 0xee};
249 const uint8_t expected_tag[] = {0x77, 0x13, 0x57, 0x95, 0x8a, 0x31,
250 0x6f, 0x16, 0x6b, 0xd0, 0xda, 0xcc,
251 0x98, 0xea, 0x80, 0x1a};
252 const uint8_t plaintext[] = {
253 0x33, 0x7c, 0x1b, 0xc9, 0x92, 0x38, 0x6c, 0xf0, 0xf9, 0x57, 0x61,
254 0x7f, 0xe4, 0xd5, 0xec, 0x12, 0x18, 0xae, 0x1c, 0xc4, 0x03, 0x69,
255 0x30, 0x55, 0x18, 0xeb, 0x17, 0x7e, 0x9b, 0x15, 0xc1, 0x64, 0x6b,
256 0x14, 0x2f, 0xf7, 0x12, 0x37, 0xef, 0xaa, 0x58, 0x79, 0x00, 0x80,
257 0xcd, 0x82, 0xe8, 0x84, 0x8b, 0x29, 0x5c};
258
259 uint8_t ciphertext[256] = {0};
260 uint8_t tag[16] = {0};
Zhiyi Zhang11cf7eb2020-10-20 15:43:36 -0700[diff] [blame]261 int size = aesGcm128Encrypt(plaintext, sizeof(plaintext), aad, sizeof(aad), key, iv, ciphertext, tag);
Zhiyi Zhanga67fa462020-04-19 13:48:03 -0700[diff] [blame]262 BOOST_CHECK_EQUAL_COLLECTIONS(ciphertext, ciphertext + size,
263 expected_ciphertext, expected_ciphertext + sizeof(expected_ciphertext));
264 BOOST_CHECK_EQUAL_COLLECTIONS(tag, tag + 16, expected_tag, expected_tag + sizeof(expected_tag));
265
266 uint8_t decrypted[256] = {0};
Zhiyi Zhang11cf7eb2020-10-20 15:43:36 -0700[diff] [blame]267 size = aesGcm128Decrypt(ciphertext, size, aad, sizeof(aad), tag, key, iv, decrypted);
Zhiyi Zhang82e0c722020-10-14 17:51:29 -0700[diff] [blame]268 BOOST_CHECK_EQUAL_COLLECTIONS(decrypted, decrypted + size,
269 plaintext, plaintext + sizeof(plaintext));
Zhiyi Zhanga67fa462020-04-19 13:48:03 -0700[diff] [blame]270}
271
Zhiyi Zhang222810b2020-10-16 21:50:35 -0700[diff] [blame]272BOOST_AUTO_TEST_CASE(AesIV)
273{
274 const uint8_t key[] = {0xbc, 0x22, 0xf3, 0xf0, 0x5c, 0xc4, 0x0d, 0xb9,
275 0x31, 0x1e, 0x41, 0x92, 0x96, 0x6f, 0xee, 0x92};
276 const std::string plaintext = "alongstringalongstringalongstringalongstringalongstringalongstringalongstringalongstring";
277 const std::string associatedData = "test";
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]278 std::vector<uint8_t> encryptionIv = {};
Zhiyi Zhang222810b2020-10-16 21:50:35 -0700[diff] [blame]279 auto block = encodeBlockWithAesGcm128(ndn::tlv::Content, key, (uint8_t*)plaintext.c_str(), plaintext.size(),
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]280 (uint8_t*)associatedData.c_str(), associatedData.size(), encryptionIv);
Zhiyi Zhang222810b2020-10-16 21:50:35 -0700[diff] [blame]281 block.parse();
282 auto ivBlock = block.get(tlv::InitializationVector);
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]283 ndn::Buffer ivBuf(ivBlock.value(), ivBlock.value_size());
Zhiyi Zhang222810b2020-10-16 21:50:35 -0700[diff] [blame]284 BOOST_CHECK_EQUAL(ivBuf.size(), 12);
Davide Pesaventoa34d6de2021-11-18 22:16:04 -0500[diff] [blame]285 BOOST_CHECK_EQUAL(loadBigU32(&encryptionIv[8]), 6);
286 BOOST_CHECK_EQUAL(loadBigU32(&ivBuf[8]), 0);
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]287
Zhiyi Zhang222810b2020-10-16 21:50:35 -0700[diff] [blame]288 block = encodeBlockWithAesGcm128(ndn::tlv::ApplicationParameters, key, (uint8_t*)plaintext.c_str(), plaintext.size(),
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]289 (uint8_t*)associatedData.c_str(), associatedData.size(), encryptionIv);
Zhiyi Zhang222810b2020-10-16 21:50:35 -0700[diff] [blame]290 block.parse();
291 ivBlock = block.get(tlv::InitializationVector);
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]292 ndn::Buffer ivBuf2(ivBlock.value(), ivBlock.value_size());
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]293 BOOST_CHECK_EQUAL(std::memcmp(ivBuf2.data(), encryptionIv.data(), 8), 0);
Zhiyi Zhang222810b2020-10-16 21:50:35 -0700[diff] [blame]294}
295
Zhiyi Zhangc5d93a92020-10-14 17:07:35 -0700[diff] [blame]296BOOST_AUTO_TEST_CASE(BlockEncodingDecoding)
297{
298 const uint8_t key[] = {0xbc, 0x22, 0xf3, 0xf0, 0x5c, 0xc4, 0x0d, 0xb9,
299 0x31, 0x1e, 0x41, 0x92, 0x96, 0x6f, 0xee, 0x92};
300 const std::string plaintext = "alongstringalongstringalongstringalongstringalongstringalongstringalongstringalongstring";
Zhiyi Zhang0fe18652020-10-21 13:07:31 -0700[diff] [blame]301 const std::string plaintext2 = "shortstring";
Zhiyi Zhangdd308932020-10-16 21:59:06 -0700[diff] [blame]302 const std::string associatedData = "right";
303 const std::string wrongAssociatedData = "wrong";
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]304 std::vector<uint8_t> encryptionIv;
305 std::vector<uint8_t> decryptionIv;
Zhiyi Zhang0fe18652020-10-21 13:07:31 -0700[diff] [blame]306 // long string encryption
Zhiyi Zhangc5d93a92020-10-14 17:07:35 -0700[diff] [blame]307 auto block = encodeBlockWithAesGcm128(ndn::tlv::Content, key, (uint8_t*)plaintext.c_str(), plaintext.size(),
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]308 (uint8_t*)associatedData.c_str(), associatedData.size(), encryptionIv);
Zhiyi Zhang3b9a5032021-02-18 11:15:09 -0800[diff] [blame]309 BOOST_CHECK_EQUAL(encryptionIv.size(), 12);
310 // the decryption's random component cannot be the same as encryption IV
311 BOOST_CHECK_THROW(decodeBlockWithAesGcm128(block, key,
312 (uint8_t*)associatedData.c_str(),
313 associatedData.size(), decryptionIv, encryptionIv),
314 std::runtime_error);
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]315 auto decoded = decodeBlockWithAesGcm128(block, key, (uint8_t*)associatedData.c_str(), associatedData.size(),
Zhiyi Zhang3b9a5032021-02-18 11:15:09 -0800[diff] [blame]316 decryptionIv, std::vector<uint8_t>());
317 BOOST_CHECK_EQUAL(decryptionIv.size(), 12);
Zhiyi Zhangdd308932020-10-16 21:59:06 -0700[diff] [blame]318 BOOST_CHECK_EQUAL(plaintext, std::string(decoded.get<char>(), decoded.size()));
Zhiyi Zhang0fe18652020-10-21 13:07:31 -0700[diff] [blame]319
320 // short string encryption
321 block = encodeBlockWithAesGcm128(ndn::tlv::Content, key, (uint8_t*)plaintext2.c_str(), plaintext2.size(),
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]322 (uint8_t*)associatedData.c_str(), associatedData.size(), encryptionIv);
323 decoded = decodeBlockWithAesGcm128(block, key, (uint8_t*)associatedData.c_str(), associatedData.size(),
Zhiyi Zhang3b9a5032021-02-18 11:15:09 -0800[diff] [blame]324 decryptionIv, std::vector<uint8_t>());
Zhiyi Zhang0fe18652020-10-21 13:07:31 -0700[diff] [blame]325 BOOST_CHECK_EQUAL(plaintext2, std::string(decoded.get<char>(), decoded.size()));
326
327 // use wrong associated data
Zhiyi Zhang199508a2020-10-21 10:45:50 -0700[diff] [blame]328 BOOST_CHECK_THROW(decodeBlockWithAesGcm128(block, key,
329 (uint8_t*)wrongAssociatedData.c_str(),
Zhiyi Zhang3b9a5032021-02-18 11:15:09 -0800[diff] [blame]330 wrongAssociatedData.size(), decryptionIv, std::vector<uint8_t>()),
331 std::runtime_error);
Zhiyi Zhang4f1c0102020-12-21 15:08:09 -0800[diff] [blame]332 // use wrong last observed IV
333 decryptionIv[0] += 1;
334 BOOST_CHECK_THROW(decodeBlockWithAesGcm128(block, key,
335 (uint8_t*)associatedData.c_str(),
Zhiyi Zhang3b9a5032021-02-18 11:15:09 -0800[diff] [blame]336 associatedData.size(), decryptionIv, std::vector<uint8_t>()),
337 std::runtime_error);
Zhiyi Zhangc5d93a92020-10-14 17:07:35 -0700[diff] [blame]338}
339
Davide Pesavento0dc02012021-11-23 22:55:03 -0500[diff] [blame]340BOOST_AUTO_TEST_SUITE_END() // TestCryptoHelpers
Zhiyi Zhangaf7c2902019-03-14 22:13:21 -0700[diff] [blame]341
Davide Pesavento0d1d11c2022-04-11 22:11:34 -0400[diff] [blame]342} // namespace ndncert::tests