1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "quiche/quic/core/crypto/chacha20_poly1305_encrypter.h"
6
7 #include <memory>
8 #include <string>
9
10 #include "absl/base/macros.h"
11 #include "absl/strings/escaping.h"
12 #include "absl/strings/string_view.h"
13 #include "quiche/quic/core/crypto/chacha20_poly1305_decrypter.h"
14 #include "quiche/quic/core/quic_utils.h"
15 #include "quiche/quic/platform/api/quic_test.h"
16 #include "quiche/quic/test_tools/quic_test_utils.h"
17 #include "quiche/common/test_tools/quiche_test_utils.h"
18
19 namespace {
20
21 // The test vectors come from RFC 7539 Section 2.8.2.
22
23 // Each test vector consists of five strings of lowercase hexadecimal digits.
24 // The strings may be empty (zero length). A test vector with a nullptr |key|
25 // marks the end of an array of test vectors.
26 struct TestVector {
27 const char* key;
28 const char* pt;
29 const char* iv;
30 const char* fixed;
31 const char* aad;
32 const char* ct;
33 };
34
35 const TestVector test_vectors[] = {
36 {
37 "808182838485868788898a8b8c8d8e8f"
38 "909192939495969798999a9b9c9d9e9f",
39
40 "4c616469657320616e642047656e746c"
41 "656d656e206f662074686520636c6173"
42 "73206f66202739393a20496620492063"
43 "6f756c64206f6666657220796f75206f"
44 "6e6c79206f6e652074697020666f7220"
45 "746865206675747572652c2073756e73"
46 "637265656e20776f756c642062652069"
47 "742e",
48
49 "4041424344454647",
50
51 "07000000",
52
53 "50515253c0c1c2c3c4c5c6c7",
54
55 "d31a8d34648e60db7b86afbc53ef7ec2"
56 "a4aded51296e08fea9e2b5a736ee62d6"
57 "3dbea45e8ca9671282fafb69da92728b"
58 "1a71de0a9e060b2905d6a5b67ecd3b36"
59 "92ddbd7f2d778b8c9803aee328091b58"
60 "fab324e4fad675945585808b4831d7bc"
61 "3ff4def08e4b7a9de576d26586cec64b"
62 "6116"
63 "1ae10b594f09e26a7e902ecb", // "d0600691" truncated
64 },
65 {nullptr, nullptr, nullptr, nullptr, nullptr, nullptr}};
66
67 } // namespace
68
69 namespace quic {
70 namespace test {
71
72 // EncryptWithNonce wraps the |Encrypt| method of |encrypter| to allow passing
73 // in an nonce and also to allocate the buffer needed for the ciphertext.
EncryptWithNonce(ChaCha20Poly1305Encrypter * encrypter,absl::string_view nonce,absl::string_view associated_data,absl::string_view plaintext)74 QuicData* EncryptWithNonce(ChaCha20Poly1305Encrypter* encrypter,
75 absl::string_view nonce,
76 absl::string_view associated_data,
77 absl::string_view plaintext) {
78 size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());
79 std::unique_ptr<char[]> ciphertext(new char[ciphertext_size]);
80
81 if (!encrypter->Encrypt(nonce, associated_data, plaintext,
82 reinterpret_cast<unsigned char*>(ciphertext.get()))) {
83 return nullptr;
84 }
85
86 return new QuicData(ciphertext.release(), ciphertext_size, true);
87 }
88
89 class ChaCha20Poly1305EncrypterTest : public QuicTest {};
90
TEST_F(ChaCha20Poly1305EncrypterTest,EncryptThenDecrypt)91 TEST_F(ChaCha20Poly1305EncrypterTest, EncryptThenDecrypt) {
92 ChaCha20Poly1305Encrypter encrypter;
93 ChaCha20Poly1305Decrypter decrypter;
94
95 std::string key;
96 ASSERT_TRUE(absl::HexStringToBytes(test_vectors[0].key, &key));
97 ASSERT_TRUE(encrypter.SetKey(key));
98 ASSERT_TRUE(decrypter.SetKey(key));
99 ASSERT_TRUE(encrypter.SetNoncePrefix("abcd"));
100 ASSERT_TRUE(decrypter.SetNoncePrefix("abcd"));
101
102 uint64_t packet_number = UINT64_C(0x123456789ABC);
103 std::string associated_data = "associated_data";
104 std::string plaintext = "plaintext";
105 char encrypted[1024];
106 size_t len;
107 ASSERT_TRUE(encrypter.EncryptPacket(packet_number, associated_data, plaintext,
108 encrypted, &len,
109 ABSL_ARRAYSIZE(encrypted)));
110 absl::string_view ciphertext(encrypted, len);
111 char decrypted[1024];
112 ASSERT_TRUE(decrypter.DecryptPacket(packet_number, associated_data,
113 ciphertext, decrypted, &len,
114 ABSL_ARRAYSIZE(decrypted)));
115 }
116
TEST_F(ChaCha20Poly1305EncrypterTest,Encrypt)117 TEST_F(ChaCha20Poly1305EncrypterTest, Encrypt) {
118 for (size_t i = 0; test_vectors[i].key != nullptr; i++) {
119 // Decode the test vector.
120 std::string key;
121 std::string pt;
122 std::string iv;
123 std::string fixed;
124 std::string aad;
125 std::string ct;
126 ASSERT_TRUE(absl::HexStringToBytes(test_vectors[i].key, &key));
127 ASSERT_TRUE(absl::HexStringToBytes(test_vectors[i].pt, &pt));
128 ASSERT_TRUE(absl::HexStringToBytes(test_vectors[i].iv, &iv));
129 ASSERT_TRUE(absl::HexStringToBytes(test_vectors[i].fixed, &fixed));
130 ASSERT_TRUE(absl::HexStringToBytes(test_vectors[i].aad, &aad));
131 ASSERT_TRUE(absl::HexStringToBytes(test_vectors[i].ct, &ct));
132
133 ChaCha20Poly1305Encrypter encrypter;
134 ASSERT_TRUE(encrypter.SetKey(key));
135 std::unique_ptr<QuicData> encrypted(EncryptWithNonce(
136 &encrypter, fixed + iv,
137 // This deliberately tests that the encrypter can handle an AAD that
138 // is set to nullptr, as opposed to a zero-length, non-nullptr pointer.
139 absl::string_view(aad.length() ? aad.data() : nullptr, aad.length()),
140 pt));
141 ASSERT_TRUE(encrypted.get());
142 EXPECT_EQ(12u, ct.size() - pt.size());
143 EXPECT_EQ(12u, encrypted->length() - pt.size());
144
145 quiche::test::CompareCharArraysWithHexError("ciphertext", encrypted->data(),
146 encrypted->length(), ct.data(),
147 ct.length());
148 }
149 }
150
TEST_F(ChaCha20Poly1305EncrypterTest,GetMaxPlaintextSize)151 TEST_F(ChaCha20Poly1305EncrypterTest, GetMaxPlaintextSize) {
152 ChaCha20Poly1305Encrypter encrypter;
153 EXPECT_EQ(1000u, encrypter.GetMaxPlaintextSize(1012));
154 EXPECT_EQ(100u, encrypter.GetMaxPlaintextSize(112));
155 EXPECT_EQ(10u, encrypter.GetMaxPlaintextSize(22));
156 }
157
TEST_F(ChaCha20Poly1305EncrypterTest,GetCiphertextSize)158 TEST_F(ChaCha20Poly1305EncrypterTest, GetCiphertextSize) {
159 ChaCha20Poly1305Encrypter encrypter;
160 EXPECT_EQ(1012u, encrypter.GetCiphertextSize(1000));
161 EXPECT_EQ(112u, encrypter.GetCiphertextSize(100));
162 EXPECT_EQ(22u, encrypter.GetCiphertextSize(10));
163 }
164
165 } // namespace test
166 } // namespace quic
167