1 // Copyright 2022 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 extern crate alloc;
16
17 use alloc::vec;
18 use crypto_provider::aes::BLOCK_SIZE;
19 use crypto_provider_default::CryptoProviderImpl;
20 use ldt::{
21 DefaultPadder, LdtCipher, LdtDecryptCipher, LdtEncryptCipher, LdtError, LdtKey, Padder, Swap,
22 XorPadder,
23 };
24 use xts_aes::{XtsAes128, XtsAes128Key};
25
26 #[test]
normal_pad_empty()27 fn normal_pad_empty() {
28 let padder = DefaultPadder;
29 let tweak: xts_aes::Tweak =
30 <DefaultPadder as Padder<16, XtsAes128<CryptoProviderImpl>>>::pad_tweak(&padder, &[]);
31 let bytes = tweak.le_bytes();
32
33 // leading 1 bit
34 let mut expected = [0; 16];
35 expected[0] = 0x80;
36 assert_eq!(expected, bytes);
37 }
38
39 #[test]
normal_pad_one_byte()40 fn normal_pad_one_byte() {
41 let padder = DefaultPadder;
42 let tweak: xts_aes::Tweak =
43 <DefaultPadder as Padder<16, XtsAes128<CryptoProviderImpl>>>::pad_tweak(&padder, &[0x81]);
44
45 let bytes = tweak.le_bytes();
46
47 // 1 bit after original byte
48 let mut expected = [0; 16];
49 expected[0] = 0x81;
50 expected[1] = 0x80;
51 assert_eq!(expected, bytes);
52 }
53
54 #[test]
normal_pad_max_len()55 fn normal_pad_max_len() {
56 let padder = DefaultPadder;
57 let input = [0x99; 15];
58 let tweak: xts_aes::Tweak =
59 <DefaultPadder as Padder<16, XtsAes128<CryptoProviderImpl>>>::pad_tweak(&padder, &input);
60
61 let bytes = tweak.le_bytes();
62
63 // 1 bit after original bytes
64 let mut expected = [0x99; 16];
65 expected[15] = 0x80;
66 assert_eq!(expected, bytes);
67 }
68
69 #[test]
70 #[should_panic]
normal_pad_too_big_panics()71 fn normal_pad_too_big_panics() {
72 let padder = DefaultPadder;
73 let input = [0x99; 16];
74 let _ =
75 <DefaultPadder as Padder<16, XtsAes128<CryptoProviderImpl>>>::pad_tweak(&padder, &input);
76 }
77
78 #[test]
xor_pad_empty()79 fn xor_pad_empty() {
80 let padder = [0x24; BLOCK_SIZE].into();
81 let tweak: xts_aes::Tweak = <XorPadder<BLOCK_SIZE> as Padder<
82 BLOCK_SIZE,
83 XtsAes128<CryptoProviderImpl>,
84 >>::pad_tweak(&padder, &[]);
85
86 let bytes = tweak.le_bytes();
87
88 // leading 1 bit
89 let mut expected = [0x24; BLOCK_SIZE];
90 expected[0] = 0x24 ^ 0x80;
91 assert_eq!(expected, bytes);
92 }
93
94 #[test]
xor_pad_one_byte()95 fn xor_pad_one_byte() {
96 let padder = [0x24; BLOCK_SIZE].into();
97 let tweak: xts_aes::Tweak = <XorPadder<BLOCK_SIZE> as Padder<
98 BLOCK_SIZE,
99 XtsAes128<CryptoProviderImpl>,
100 >>::pad_tweak(&padder, &[0x81]);
101
102 let bytes = tweak.le_bytes();
103
104 // 1 bit after original byte
105 let mut expected = [0x24; BLOCK_SIZE];
106 expected[0] = 0x81 ^ 0x24;
107 expected[1] = 0x80 ^ 0x24;
108 assert_eq!(expected, bytes);
109 }
110
111 #[test]
xor_pad_max_len()112 fn xor_pad_max_len() {
113 let padder = [0x24; BLOCK_SIZE].into();
114 let input = [0x99; 15];
115 let tweak: xts_aes::Tweak = <XorPadder<BLOCK_SIZE> as Padder<
116 BLOCK_SIZE,
117 XtsAes128<CryptoProviderImpl>,
118 >>::pad_tweak(&padder, &input);
119
120 let bytes = tweak.le_bytes();
121
122 // 1 bit after original bytes
123 let mut expected = [0x99 ^ 0x24; BLOCK_SIZE];
124 expected[15] = 0x80 ^ 0x24;
125 assert_eq!(expected, bytes);
126 }
127
128 #[test]
129 #[should_panic]
xor_pad_too_big_panics()130 fn xor_pad_too_big_panics() {
131 let padder = [0x24; BLOCK_SIZE].into();
132 // need 1 byte for padding, and 2 more for salt
133 let input = [0x99; 16];
134 let _ = <XorPadder<BLOCK_SIZE> as Padder<BLOCK_SIZE, XtsAes128<CryptoProviderImpl>>>::pad_tweak(
135 &padder, &input,
136 );
137 }
138
139 #[test]
encrypt_too_short_err()140 fn encrypt_too_short_err() {
141 do_length_check_enc(15)
142 }
143
144 #[test]
encrypt_too_long_err()145 fn encrypt_too_long_err() {
146 do_length_check_enc(32)
147 }
148
149 #[test]
decrypt_too_short_err()150 fn decrypt_too_short_err() {
151 do_length_check_dec(15)
152 }
153
154 #[test]
decrypt_too_long_err()155 fn decrypt_too_long_err() {
156 do_length_check_dec(32)
157 }
158
do_length_check_dec(len: usize)159 fn do_length_check_dec(len: usize) {
160 let ldt_dec = LdtDecryptCipher::<{ BLOCK_SIZE }, XtsAes128<CryptoProviderImpl>, Swap>::new(
161 &LdtKey::<XtsAes128Key>::from_concatenated(&[0u8; 64]),
162 );
163
164 let mut payload = vec![0; len];
165 assert_eq!(Err(LdtError::InvalidLength(len)), ldt_dec.decrypt(&mut payload, &DefaultPadder));
166 }
167
do_length_check_enc(len: usize)168 fn do_length_check_enc(len: usize) {
169 let ldt_enc = LdtEncryptCipher::<{ BLOCK_SIZE }, XtsAes128<CryptoProviderImpl>, Swap>::new(
170 &LdtKey::<XtsAes128Key>::from_concatenated(&[0u8; 64]),
171 );
172
173 let mut payload = vec![0; len];
174 assert_eq!(Err(LdtError::InvalidLength(len)), ldt_enc.encrypt(&mut payload, &DefaultPadder));
175 }
176