gitee.com/ks-custle/core-gm@v0.0.0-20230922171213-b83bdd97b62c/grpc/credentials/alts/internal/conn/aes128gcm_test.go

gitee.com/ks-custle/core-gm@v0.0.0-20230922171213-b83bdd97b62c/grpc/credentials/alts/internal/conn/aes128gcm_test.go (about)

     1  /*
     2   *
     3   * Copyright 2018 gRPC authors.
     4   *
     5   * Licensed under the Apache License, Version 2.0 (the "License");
     6   * you may not use this file except in compliance with the License.
     7   * You may obtain a copy of the License at
     8   *
     9   *     http://www.apache.org/licenses/LICENSE-2.0
    10   *
    11   * Unless required by applicable law or agreed to in writing, software
    12   * distributed under the License is distributed on an "AS IS" BASIS,
    13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14   * See the License for the specific language governing permissions and
    15   * limitations under the License.
    16   *
    17   */
    18  
    19  package conn
    20  
    21  import (
    22  	"bytes"
    23  	"testing"
    24  
    25  	core "gitee.com/ks-custle/core-gm/grpc/credentials/alts/internal"
    26  )
    27  
    28  // cryptoTestVector is struct for a GCM test vector
    29  type cryptoTestVector struct {
    30  	key, counter, plaintext, ciphertext, tag []byte
    31  	allocateDst                              bool
    32  }
    33  
    34  // getGCMCryptoPair outputs a client/server pair on aes128gcm.
    35  func getGCMCryptoPair(key []byte, counter []byte, t *testing.T) (ALTSRecordCrypto, ALTSRecordCrypto) {
    36  	client, err := NewAES128GCM(core.ClientSide, key)
    37  	if err != nil {
    38  		t.Fatalf("NewAES128GCM(ClientSide, key) = %v", err)
    39  	}
    40  	server, err := NewAES128GCM(core.ServerSide, key)
    41  	if err != nil {
    42  		t.Fatalf("NewAES128GCM(ServerSide, key) = %v", err)
    43  	}
    44  	// set counter if provided.
    45  	if counter != nil {
    46  		if CounterSide(counter) == core.ClientSide {
    47  			client.(*aes128gcm).outCounter = CounterFromValue(counter, overflowLenAES128GCM)
    48  			server.(*aes128gcm).inCounter = CounterFromValue(counter, overflowLenAES128GCM)
    49  		} else {
    50  			server.(*aes128gcm).outCounter = CounterFromValue(counter, overflowLenAES128GCM)
    51  			client.(*aes128gcm).inCounter = CounterFromValue(counter, overflowLenAES128GCM)
    52  		}
    53  	}
    54  	return client, server
    55  }
    56  
    57  func testGCMEncryptionDecryption(sender ALTSRecordCrypto, receiver ALTSRecordCrypto, test *cryptoTestVector, withCounter bool, t *testing.T) {
    58  	// Ciphertext is: counter + encrypted text + tag.
    59  	ciphertext := []byte(nil)
    60  	if withCounter {
    61  		ciphertext = append(ciphertext, test.counter...)
    62  	}
    63  	ciphertext = append(ciphertext, test.ciphertext...)
    64  	ciphertext = append(ciphertext, test.tag...)
    65  
    66  	// Decrypt.
    67  	if got, err := receiver.Decrypt(nil, ciphertext); err != nil || !bytes.Equal(got, test.plaintext) {
    68  		t.Errorf("key=%v\ncounter=%v\ntag=%v\nciphertext=%v\nDecrypt = %v, %v\nwant: %v",
    69  			test.key, test.counter, test.tag, test.ciphertext, got, err, test.plaintext)
    70  	}
    71  
    72  	// Encrypt.
    73  	var dst []byte
    74  	if test.allocateDst {
    75  		dst = make([]byte, len(test.plaintext)+sender.EncryptionOverhead())
    76  	}
    77  	if got, err := sender.Encrypt(dst[:0], test.plaintext); err != nil || !bytes.Equal(got, ciphertext) {
    78  		t.Errorf("key=%v\ncounter=%v\nplaintext=%v\nEncrypt = %v, %v\nwant: %v",
    79  			test.key, test.counter, test.plaintext, got, err, ciphertext)
    80  	}
    81  }
    82  
    83  // Test encrypt and decrypt using test vectors for aes128gcm.
    84  func (s) TestAES128GCMEncrypt(t *testing.T) {
    85  	for _, test := range []cryptoTestVector{
    86  		{
    87  			key:         dehex("11754cd72aec309bf52f7687212e8957"),
    88  			counter:     dehex("3c819d9a9bed087615030b65"),
    89  			plaintext:   nil,
    90  			ciphertext:  nil,
    91  			tag:         dehex("250327c674aaf477aef2675748cf6971"),
    92  			allocateDst: false,
    93  		},
    94  		{
    95  			key:         dehex("ca47248ac0b6f8372a97ac43508308ed"),
    96  			counter:     dehex("ffd2b598feabc9019262d2be"),
    97  			plaintext:   nil,
    98  			ciphertext:  nil,
    99  			tag:         dehex("60d20404af527d248d893ae495707d1a"),
   100  			allocateDst: false,
   101  		},
   102  		{
   103  			key:         dehex("7fddb57453c241d03efbed3ac44e371c"),
   104  			counter:     dehex("ee283a3fc75575e33efd4887"),
   105  			plaintext:   dehex("d5de42b461646c255c87bd2962d3b9a2"),
   106  			ciphertext:  dehex("2ccda4a5415cb91e135c2a0f78c9b2fd"),
   107  			tag:         dehex("b36d1df9b9d5e596f83e8b7f52971cb3"),
   108  			allocateDst: false,
   109  		},
   110  		{
   111  			key:         dehex("ab72c77b97cb5fe9a382d9fe81ffdbed"),
   112  			counter:     dehex("54cc7dc2c37ec006bcc6d1da"),
   113  			plaintext:   dehex("007c5e5b3e59df24a7c355584fc1518d"),
   114  			ciphertext:  dehex("0e1bde206a07a9c2c1b65300f8c64997"),
   115  			tag:         dehex("2b4401346697138c7a4891ee59867d0c"),
   116  			allocateDst: false,
   117  		},
   118  		{
   119  			key:         dehex("11754cd72aec309bf52f7687212e8957"),
   120  			counter:     dehex("3c819d9a9bed087615030b65"),
   121  			plaintext:   nil,
   122  			ciphertext:  nil,
   123  			tag:         dehex("250327c674aaf477aef2675748cf6971"),
   124  			allocateDst: true,
   125  		},
   126  		{
   127  			key:         dehex("ca47248ac0b6f8372a97ac43508308ed"),
   128  			counter:     dehex("ffd2b598feabc9019262d2be"),
   129  			plaintext:   nil,
   130  			ciphertext:  nil,
   131  			tag:         dehex("60d20404af527d248d893ae495707d1a"),
   132  			allocateDst: true,
   133  		},
   134  		{
   135  			key:         dehex("7fddb57453c241d03efbed3ac44e371c"),
   136  			counter:     dehex("ee283a3fc75575e33efd4887"),
   137  			plaintext:   dehex("d5de42b461646c255c87bd2962d3b9a2"),
   138  			ciphertext:  dehex("2ccda4a5415cb91e135c2a0f78c9b2fd"),
   139  			tag:         dehex("b36d1df9b9d5e596f83e8b7f52971cb3"),
   140  			allocateDst: true,
   141  		},
   142  		{
   143  			key:         dehex("ab72c77b97cb5fe9a382d9fe81ffdbed"),
   144  			counter:     dehex("54cc7dc2c37ec006bcc6d1da"),
   145  			plaintext:   dehex("007c5e5b3e59df24a7c355584fc1518d"),
   146  			ciphertext:  dehex("0e1bde206a07a9c2c1b65300f8c64997"),
   147  			tag:         dehex("2b4401346697138c7a4891ee59867d0c"),
   148  			allocateDst: true,
   149  		},
   150  	} {
   151  		// Test encryption and decryption for aes128gcm.
   152  		client, server := getGCMCryptoPair(test.key, test.counter, t)
   153  		if CounterSide(test.counter) == core.ClientSide {
   154  			testGCMEncryptionDecryption(client, server, &test, false, t)
   155  		} else {
   156  			testGCMEncryptionDecryption(server, client, &test, false, t)
   157  		}
   158  	}
   159  }
   160  
   161  func testGCMEncryptRoundtrip(client ALTSRecordCrypto, server ALTSRecordCrypto, t *testing.T) {
   162  	// Encrypt.
   163  	const plaintext = "This is plaintext."
   164  	var err error
   165  	buf := []byte(plaintext)
   166  	buf, err = client.Encrypt(buf[:0], buf)
   167  	if err != nil {
   168  		t.Fatal("Encrypting with client-side context: unexpected error", err, "\n",
   169  			"Plaintext:", []byte(plaintext))
   170  	}
   171  
   172  	// Encrypt a second message.
   173  	const plaintext2 = "This is a second plaintext."
   174  	buf2 := []byte(plaintext2)
   175  	buf2, err = client.Encrypt(buf2[:0], buf2)
   176  	if err != nil {
   177  		t.Fatal("Encrypting with client-side context: unexpected error", err, "\n",
   178  			"Plaintext:", []byte(plaintext2))
   179  	}
   180  
   181  	// Decryption fails: cannot decrypt second message before first.
   182  	if got, err := server.Decrypt(nil, buf2); err == nil {
   183  		t.Error("Decrypting client-side ciphertext with a client-side context unexpectedly succeeded; want unexpected counter error:\n",
   184  			"  Original plaintext:", []byte(plaintext2), "\n",
   185  			"  Ciphertext:", buf2, "\n",
   186  			"  Decrypted plaintext:", got)
   187  	}
   188  
   189  	// Decryption fails: wrong counter space.
   190  	if got, err := client.Decrypt(nil, buf); err == nil {
   191  		t.Error("Decrypting client-side ciphertext with a client-side context unexpectedly succeeded; want counter space error:\n",
   192  			"  Original plaintext:", []byte(plaintext), "\n",
   193  			"  Ciphertext:", buf, "\n",
   194  			"  Decrypted plaintext:", got)
   195  	}
   196  
   197  	// Decrypt first message.
   198  	ciphertext := append([]byte(nil), buf...)
   199  	buf, err = server.Decrypt(buf[:0], buf)
   200  	if err != nil || string(buf) != plaintext {
   201  		t.Fatal("Decrypting client-side ciphertext with a server-side context did not produce original content:\n",
   202  			"  Original plaintext:", []byte(plaintext), "\n",
   203  			"  Ciphertext:", ciphertext, "\n",
   204  			"  Decryption error:", err, "\n",
   205  			"  Decrypted plaintext:", buf)
   206  	}
   207  
   208  	// Decryption fails: replay attack.
   209  	if got, err := server.Decrypt(nil, buf); err == nil {
   210  		t.Error("Decrypting client-side ciphertext with a client-side context unexpectedly succeeded; want unexpected counter error:\n",
   211  			"  Original plaintext:", []byte(plaintext), "\n",
   212  			"  Ciphertext:", buf, "\n",
   213  			"  Decrypted plaintext:", got)
   214  	}
   215  }
   216  
   217  // Test encrypt and decrypt on roundtrip messages for aes128gcm.
   218  func (s) TestAES128GCMEncryptRoundtrip(t *testing.T) {
   219  	// Test for aes128gcm.
   220  	key := make([]byte, 16)
   221  	client, server := getGCMCryptoPair(key, nil, t)
   222  	testGCMEncryptRoundtrip(client, server, t)
   223  }