1*e7b1675dSTing-Kang Chang// Copyright 2020 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage subtle_test 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "bytes" 21*e7b1675dSTing-Kang Chang "encoding/hex" 22*e7b1675dSTing-Kang Chang "testing" 23*e7b1675dSTing-Kang Chang 24*e7b1675dSTing-Kang Chang "github.com/google/tink/go/aead/subtle" 25*e7b1675dSTing-Kang Chang "github.com/google/tink/go/subtle/random" 26*e7b1675dSTing-Kang Chang) 27*e7b1675dSTing-Kang Chang 28*e7b1675dSTing-Kang Chang// These test vectors have been taken from Appendix C in go/rfc/8452. 29*e7b1675dSTing-Kang Changvar testVectors = []struct { 30*e7b1675dSTing-Kang Chang Key, Input, Hash string 31*e7b1675dSTing-Kang Chang}{ 32*e7b1675dSTing-Kang Chang { // Test Case 0 33*e7b1675dSTing-Kang Chang Key: "25629347589242761d31f826ba4b757b", 34*e7b1675dSTing-Kang Chang Input: "4f4f95668c83dfb6401762bb2d01a262d1a24ddd2721d006bbe45f20d3c9f362", 35*e7b1675dSTing-Kang Chang Hash: "f7a3b47b846119fae5b7866cf5e5b77e", 36*e7b1675dSTing-Kang Chang }, 37*e7b1675dSTing-Kang Chang { // Test Case 1 38*e7b1675dSTing-Kang Chang Key: "d9b360279694941ac5dbc6987ada7377", 39*e7b1675dSTing-Kang Chang Input: "00000000000000000000000000000000", 40*e7b1675dSTing-Kang Chang Hash: "00000000000000000000000000000000", 41*e7b1675dSTing-Kang Chang }, 42*e7b1675dSTing-Kang Chang { // Test Case 2 43*e7b1675dSTing-Kang Chang Key: "d9b360279694941ac5dbc6987ada7377", 44*e7b1675dSTing-Kang Chang Input: "01000000000000000000000000000000000000000000000040", 45*e7b1675dSTing-Kang Chang Hash: "eb93b7740962c5e49d2a90a7dc5cec74", 46*e7b1675dSTing-Kang Chang }, 47*e7b1675dSTing-Kang Chang { // Test Case 3 48*e7b1675dSTing-Kang Chang Key: "d9b360279694941ac5dbc6987ada7377", 49*e7b1675dSTing-Kang Chang Input: "01000000000000000000000000000000000000000000000060", 50*e7b1675dSTing-Kang Chang Hash: "48eb6c6c5a2dbe4a1dde508fee06361b", 51*e7b1675dSTing-Kang Chang }, 52*e7b1675dSTing-Kang Chang { // Test Case 4 53*e7b1675dSTing-Kang Chang Key: "d9b360279694941ac5dbc6987ada7377", 54*e7b1675dSTing-Kang Chang Input: "01000000000000000000000000000000000000000000000080", 55*e7b1675dSTing-Kang Chang Hash: "20806c26e3c1de019e111255708031d6", 56*e7b1675dSTing-Kang Chang }, 57*e7b1675dSTing-Kang Chang { // Test Case 5 58*e7b1675dSTing-Kang Chang Key: "d9b360279694941ac5dbc6987ada7377", 59*e7b1675dSTing-Kang Chang Input: "010000000000000000000000000000000200000000000000000000000000000000000000000000000001", 60*e7b1675dSTing-Kang Chang Hash: "ce6edc9a50b36d9a98986bbf6a261c3b", 61*e7b1675dSTing-Kang Chang }, 62*e7b1675dSTing-Kang Chang { // Test Case 6 63*e7b1675dSTing-Kang Chang Key: "0533fd71f4119257361a3ff1469dd4e5", 64*e7b1675dSTing-Kang Chang Input: "489c8fde2be2cf97e74e932d4ed87d00c9882e5386fd9f92ec00000000000000780000000000000048", 65*e7b1675dSTing-Kang Chang Hash: "bf160bc9ded8c63057d2c38aae552fb4", 66*e7b1675dSTing-Kang Chang }, 67*e7b1675dSTing-Kang Chang { // Test Case 7 68*e7b1675dSTing-Kang Chang Key: "64779ab10ee8a280272f14cc8851b727", 69*e7b1675dSTing-Kang Chang Input: "0da55210cc1c1b0abde3b2f204d1e9f8b06bc47f0000000000000000000000001db2316fd568378da107b52b00000000a00000000000000060", 70*e7b1675dSTing-Kang Chang Hash: "cc86ee22c861e1fd474c84676b42739c", 71*e7b1675dSTing-Kang Chang }, 72*e7b1675dSTing-Kang Chang { // Test Case 8 73*e7b1675dSTing-Kang Chang Key: "27c2959ed4daea3b1f52e849478de376", 74*e7b1675dSTing-Kang Chang Input: "f37de21c7ff901cfe8a69615a93fdf7a98cad481796245709f0000000000000021702de0de18baa9c9596291b0846600c80000000000000078", 75*e7b1675dSTing-Kang Chang Hash: "c4fa5e5b713853703bcf8e6424505fa5", 76*e7b1675dSTing-Kang Chang }, 77*e7b1675dSTing-Kang Chang { // Test Case 9 78*e7b1675dSTing-Kang Chang Key: "670b98154076ddb59b7a9137d0dcc0f0", 79*e7b1675dSTing-Kang Chang Input: "9c2159058b1f0fe91433a5bdc20e214eab7fecef4454a10ef0657df21ac70000b202b370ef9768ec6561c4fe6b7e7296fa850000000000000000000000000000f00000000000000090", 80*e7b1675dSTing-Kang Chang Hash: "4e4108f09f41d797dc9256f8da8d58c7", 81*e7b1675dSTing-Kang Chang }, 82*e7b1675dSTing-Kang Chang { // Test Case 10 83*e7b1675dSTing-Kang Chang Key: "cb8c3aa3f8dbaeb4b28a3e86ff6625f8", 84*e7b1675dSTing-Kang Chang Input: "734320ccc9d9bbbb19cb81b2af4ecbc3e72834321f7aa0f70b7282b4f33df23f16754100000000000000000000000000ced532ce4159b035277d4dfbb7db62968b13cd4eec00000000000000000000001801000000000000a8", 85*e7b1675dSTing-Kang Chang Hash: "ffd503c7dd712eb3791b7114b17bb0cf", 86*e7b1675dSTing-Kang Chang }, 87*e7b1675dSTing-Kang Chang} 88*e7b1675dSTing-Kang Chang 89*e7b1675dSTing-Kang Changfunc TestPolyval(t *testing.T) { 90*e7b1675dSTing-Kang Chang for id, tc := range testVectors { 91*e7b1675dSTing-Kang Chang key, err := hex.DecodeString(tc.Key) 92*e7b1675dSTing-Kang Chang if err != nil { 93*e7b1675dSTing-Kang Chang t.Errorf("cannot decode key in test case %d: %s", id, err) 94*e7b1675dSTing-Kang Chang continue 95*e7b1675dSTing-Kang Chang } 96*e7b1675dSTing-Kang Chang input, err := hex.DecodeString(tc.Input) 97*e7b1675dSTing-Kang Chang if err != nil { 98*e7b1675dSTing-Kang Chang t.Errorf("cannot decode aad in test case %d: %s", id, err) 99*e7b1675dSTing-Kang Chang continue 100*e7b1675dSTing-Kang Chang } 101*e7b1675dSTing-Kang Chang expectedHash, err := hex.DecodeString(tc.Hash) 102*e7b1675dSTing-Kang Chang if err != nil { 103*e7b1675dSTing-Kang Chang t.Errorf("cannot decode msg in test case %d: %s", id, err) 104*e7b1675dSTing-Kang Chang continue 105*e7b1675dSTing-Kang Chang } 106*e7b1675dSTing-Kang Chang 107*e7b1675dSTing-Kang Chang p, err := subtle.NewPolyval(key) 108*e7b1675dSTing-Kang Chang if err != nil { 109*e7b1675dSTing-Kang Chang t.Errorf("Unexpected error: %v", err) 110*e7b1675dSTing-Kang Chang continue 111*e7b1675dSTing-Kang Chang } 112*e7b1675dSTing-Kang Chang 113*e7b1675dSTing-Kang Chang p.Update(input) 114*e7b1675dSTing-Kang Chang hash := p.Finish() 115*e7b1675dSTing-Kang Chang actualHash := hash[:] 116*e7b1675dSTing-Kang Chang 117*e7b1675dSTing-Kang Chang if !bytes.Equal(actualHash, expectedHash) { 118*e7b1675dSTing-Kang Chang t.Errorf("Hash values don't match in test case %d: actual %s, expected %s", 119*e7b1675dSTing-Kang Chang id, hex.EncodeToString(actualHash), hex.EncodeToString(expectedHash)) 120*e7b1675dSTing-Kang Chang } 121*e7b1675dSTing-Kang Chang } 122*e7b1675dSTing-Kang Chang} 123*e7b1675dSTing-Kang Chang 124*e7b1675dSTing-Kang Changfunc TestPolyvalRejectsInvalidKeyLength(t *testing.T) { 125*e7b1675dSTing-Kang Chang invalidKeySizes := []uint32{4, 8, 12, 15, 17, 24, 32} 126*e7b1675dSTing-Kang Chang 127*e7b1675dSTing-Kang Chang for id, keySize := range invalidKeySizes { 128*e7b1675dSTing-Kang Chang key := random.GetRandomBytes(keySize) 129*e7b1675dSTing-Kang Chang 130*e7b1675dSTing-Kang Chang _, err := subtle.NewPolyval(key) 131*e7b1675dSTing-Kang Chang if err == nil { 132*e7b1675dSTing-Kang Chang t.Errorf("Expected error with invalid key-size %d case %d", keySize, id) 133*e7b1675dSTing-Kang Chang } 134*e7b1675dSTing-Kang Chang } 135*e7b1675dSTing-Kang Chang} 136