github.com/osdi23p228/fabric@v0.0.0-20221218062954-77808885f5db/bccsp/sw/aes_test.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 package sw 17 18 import ( 19 "bytes" 20 "crypto/aes" 21 "crypto/rand" 22 "io" 23 "math/big" 24 mrand "math/rand" 25 "testing" 26 27 "github.com/osdi23p228/fabric/bccsp" 28 "github.com/osdi23p228/fabric/bccsp/mocks" 29 "github.com/stretchr/testify/assert" 30 ) 31 32 // TestCBCPKCS7EncryptCBCPKCS7Decrypt encrypts using CBCPKCS7Encrypt and decrypts using CBCPKCS7Decrypt. 33 func TestCBCPKCS7EncryptCBCPKCS7Decrypt(t *testing.T) { 34 t.Parallel() 35 36 // Note: The purpose of this test is not to test AES-256 in CBC mode's strength 37 // ... but rather to verify the code wrapping/unwrapping the cipher. 38 key := make([]byte, 32) 39 rand.Reader.Read(key) 40 41 // 123456789012345678901234567890123456789012 42 var ptext = []byte("a message with arbitrary length (42 bytes)") 43 44 encrypted, encErr := AESCBCPKCS7Encrypt(key, ptext) 45 if encErr != nil { 46 t.Fatalf("Error encrypting '%s': %s", ptext, encErr) 47 } 48 49 decrypted, dErr := AESCBCPKCS7Decrypt(key, encrypted) 50 if dErr != nil { 51 t.Fatalf("Error decrypting the encrypted '%s': %v", ptext, dErr) 52 } 53 54 if string(ptext[:]) != string(decrypted[:]) { 55 t.Fatal("Decrypt( Encrypt( ptext ) ) != ptext: Ciphertext decryption with the same key must result in the original plaintext!") 56 } 57 } 58 59 // TestPKCS7Padding verifies the PKCS#7 padding, using a human readable plaintext. 60 func TestPKCS7Padding(t *testing.T) { 61 t.Parallel() 62 63 // 0 byte/length ptext 64 ptext := []byte("") 65 expected := []byte{16, 16, 16, 16, 66 16, 16, 16, 16, 67 16, 16, 16, 16, 68 16, 16, 16, 16} 69 result := pkcs7Padding(ptext) 70 71 if !bytes.Equal(expected, result) { 72 t.Fatal("Padding error! Expected: ", expected, "', received: '", result, "'") 73 } 74 75 // 1 byte/length ptext 76 ptext = []byte("1") 77 expected = []byte{'1', 15, 15, 15, 78 15, 15, 15, 15, 79 15, 15, 15, 15, 80 15, 15, 15, 15} 81 result = pkcs7Padding(ptext) 82 83 if !bytes.Equal(expected, result) { 84 t.Fatal("Padding error! Expected: '", expected, "', received: '", result, "'") 85 } 86 87 // 2 byte/length ptext 88 ptext = []byte("12") 89 expected = []byte{'1', '2', 14, 14, 90 14, 14, 14, 14, 91 14, 14, 14, 14, 92 14, 14, 14, 14} 93 result = pkcs7Padding(ptext) 94 95 if !bytes.Equal(expected, result) { 96 t.Fatal("Padding error! Expected: '", expected, "', received: '", result, "'") 97 } 98 99 // 3 to aes.BlockSize-1 byte plaintext 100 ptext = []byte("1234567890ABCDEF") 101 for i := 3; i < aes.BlockSize; i++ { 102 result := pkcs7Padding(ptext[:i]) 103 104 padding := aes.BlockSize - i 105 expectedPadding := bytes.Repeat([]byte{byte(padding)}, padding) 106 expected = append(ptext[:i], expectedPadding...) 107 108 if !bytes.Equal(result, expected) { 109 t.Fatal("Padding error! Expected: '", expected, "', received: '", result, "'") 110 } 111 } 112 113 // aes.BlockSize length ptext 114 ptext = bytes.Repeat([]byte{byte('x')}, aes.BlockSize) 115 result = pkcs7Padding(ptext) 116 117 expectedPadding := bytes.Repeat([]byte{byte(aes.BlockSize)}, aes.BlockSize) 118 expected = append(ptext, expectedPadding...) 119 120 if len(result) != 2*aes.BlockSize { 121 t.Fatal("Padding error: expected the length of the returned slice to be 2 times aes.BlockSize") 122 } 123 124 if !bytes.Equal(expected, result) { 125 t.Fatal("Padding error! Expected: '", expected, "', received: '", result, "'") 126 } 127 } 128 129 // TestPKCS7UnPadding verifies the PKCS#7 unpadding, using a human readable plaintext. 130 func TestPKCS7UnPadding(t *testing.T) { 131 t.Parallel() 132 133 // 0 byte/length ptext 134 expected := []byte("") 135 ptext := []byte{16, 16, 16, 16, 136 16, 16, 16, 16, 137 16, 16, 16, 16, 138 16, 16, 16, 16} 139 140 result, _ := pkcs7UnPadding(ptext) 141 142 if !bytes.Equal(expected, result) { 143 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 144 } 145 146 // 1 byte/length ptext 147 expected = []byte("1") 148 ptext = []byte{'1', 15, 15, 15, 149 15, 15, 15, 15, 150 15, 15, 15, 15, 151 15, 15, 15, 15} 152 153 result, _ = pkcs7UnPadding(ptext) 154 155 if !bytes.Equal(expected, result) { 156 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 157 } 158 159 // 2 byte/length ptext 160 expected = []byte("12") 161 ptext = []byte{'1', '2', 14, 14, 162 14, 14, 14, 14, 163 14, 14, 14, 14, 164 14, 14, 14, 14} 165 166 result, _ = pkcs7UnPadding(ptext) 167 168 if !bytes.Equal(expected, result) { 169 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 170 } 171 172 // 3 to aes.BlockSize-1 byte plaintext 173 base := []byte("1234567890ABCDEF") 174 for i := 3; i < aes.BlockSize; i++ { 175 iPad := aes.BlockSize - i 176 padding := bytes.Repeat([]byte{byte(iPad)}, iPad) 177 ptext = append(base[:i], padding...) 178 179 expected := base[:i] 180 result, _ := pkcs7UnPadding(ptext) 181 182 if !bytes.Equal(result, expected) { 183 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 184 } 185 } 186 187 // aes.BlockSize length ptext 188 expected = bytes.Repeat([]byte{byte('x')}, aes.BlockSize) 189 padding := bytes.Repeat([]byte{byte(aes.BlockSize)}, aes.BlockSize) 190 ptext = append(expected, padding...) 191 192 result, _ = pkcs7UnPadding(ptext) 193 194 if !bytes.Equal(expected, result) { 195 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 196 } 197 } 198 199 // TestCBCEncryptCBCPKCS7Decrypt_BlockSizeLengthPlaintext verifies that CBCPKCS7Decrypt returns an error 200 // when attempting to decrypt ciphertext of an irreproducible length. 201 func TestCBCEncryptCBCPKCS7Decrypt_BlockSizeLengthPlaintext(t *testing.T) { 202 t.Parallel() 203 204 // One of the purposes of this test is to also document and clarify the expected behavior, i.e., that an extra 205 // block is appended to the message at the padding stage, as per the spec of PKCS#7 v1.5 [see RFC-2315 p.21] 206 key := make([]byte, 32) 207 rand.Reader.Read(key) 208 209 // 1234567890123456 210 var ptext = []byte("a 16 byte messag") 211 212 encrypted, encErr := aesCBCEncrypt(key, ptext) 213 if encErr != nil { 214 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 215 } 216 217 decrypted, dErr := AESCBCPKCS7Decrypt(key, encrypted) 218 if dErr == nil { 219 t.Fatalf("Expected an error decrypting ptext '%s'. Decrypted to '%v'", dErr, decrypted) 220 } 221 } 222 223 // TestCBCPKCS7EncryptCBCDecrypt_ExpectingCorruptMessage verifies that CBCDecrypt can decrypt the unpadded 224 // version of the ciphertext, of a message of BlockSize length. 225 func TestCBCPKCS7EncryptCBCDecrypt_ExpectingCorruptMessage(t *testing.T) { 226 t.Parallel() 227 228 // One of the purposes of this test is to also document and clarify the expected behavior, i.e., that an extra 229 // block is appended to the message at the padding stage, as per the spec of PKCS#7 v1.5 [see RFC-2315 p.21] 230 key := make([]byte, 32) 231 rand.Reader.Read(key) 232 233 // 0123456789ABCDEF 234 var ptext = []byte("a 16 byte messag") 235 236 encrypted, encErr := AESCBCPKCS7Encrypt(key, ptext) 237 if encErr != nil { 238 t.Fatalf("Error encrypting ptext %v", encErr) 239 } 240 241 decrypted, dErr := aesCBCDecrypt(key, encrypted) 242 if dErr != nil { 243 t.Fatalf("Error encrypting ptext %v, %v", dErr, decrypted) 244 } 245 246 if string(ptext[:]) != string(decrypted[:aes.BlockSize]) { 247 t.Log("ptext: ", ptext) 248 t.Log("decrypted: ", decrypted[:aes.BlockSize]) 249 t.Fatal("Encryption->Decryption with same key should result in original ptext") 250 } 251 252 if !bytes.Equal(decrypted[aes.BlockSize:], bytes.Repeat([]byte{byte(aes.BlockSize)}, aes.BlockSize)) { 253 t.Fatal("Expected extra block with padding in encrypted ptext", decrypted) 254 } 255 } 256 257 // TestCBCPKCS7Encrypt_EmptyPlaintext encrypts and pad an empty ptext. Verifying as well that the ciphertext length is as expected. 258 func TestCBCPKCS7Encrypt_EmptyPlaintext(t *testing.T) { 259 t.Parallel() 260 261 key := make([]byte, 32) 262 rand.Reader.Read(key) 263 264 t.Log("Generated key: ", key) 265 266 var emptyPlaintext = []byte("") 267 t.Log("Plaintext length: ", len(emptyPlaintext)) 268 269 ciphertext, encErr := AESCBCPKCS7Encrypt(key, emptyPlaintext) 270 if encErr != nil { 271 t.Fatalf("Error encrypting '%v'", encErr) 272 } 273 274 // Expected ciphertext length: 32 (=32) 275 // As part of the padding, at least one block gets encrypted (while the first block is the IV) 276 const expectedLength = aes.BlockSize + aes.BlockSize 277 if len(ciphertext) != expectedLength { 278 t.Fatalf("Wrong ciphertext length. Expected %d, received %d", expectedLength, len(ciphertext)) 279 } 280 281 t.Log("Ciphertext length: ", len(ciphertext)) 282 t.Log("Cipher: ", ciphertext) 283 } 284 285 // TestCBCEncrypt_EmptyPlaintext encrypts an empty message. Verifying as well that the ciphertext length is as expected. 286 func TestCBCEncrypt_EmptyPlaintext(t *testing.T) { 287 t.Parallel() 288 289 key := make([]byte, 32) 290 rand.Reader.Read(key) 291 t.Log("Generated key: ", key) 292 293 var emptyPlaintext = []byte("") 294 t.Log("Message length: ", len(emptyPlaintext)) 295 296 ciphertext, encErr := aesCBCEncrypt(key, emptyPlaintext) 297 assert.NoError(t, encErr) 298 299 t.Log("Ciphertext length: ", len(ciphertext)) 300 301 // Expected cipher length: aes.BlockSize, the first and only block is the IV 302 var expectedLength = aes.BlockSize 303 304 if len(ciphertext) != expectedLength { 305 t.Fatalf("Wrong ciphertext length. Expected: '%d', received: '%d'", expectedLength, len(ciphertext)) 306 } 307 t.Log("Ciphertext: ", ciphertext) 308 } 309 310 // TestCBCPKCS7Encrypt_VerifyRandomIVs encrypts twice with same key. The first 16 bytes should be different if IV is generated randomly. 311 func TestCBCPKCS7Encrypt_VerifyRandomIVs(t *testing.T) { 312 t.Parallel() 313 314 key := make([]byte, aes.BlockSize) 315 rand.Reader.Read(key) 316 t.Log("Key 1", key) 317 318 var ptext = []byte("a message to encrypt") 319 320 ciphertext1, err := AESCBCPKCS7Encrypt(key, ptext) 321 if err != nil { 322 t.Fatalf("Error encrypting '%s': %s", ptext, err) 323 } 324 325 // Expecting a different IV if same message is encrypted with same key 326 ciphertext2, err := AESCBCPKCS7Encrypt(key, ptext) 327 if err != nil { 328 t.Fatalf("Error encrypting '%s': %s", ptext, err) 329 } 330 331 iv1 := ciphertext1[:aes.BlockSize] 332 iv2 := ciphertext2[:aes.BlockSize] 333 334 t.Log("Ciphertext1: ", iv1) 335 t.Log("Ciphertext2: ", iv2) 336 t.Log("bytes.Equal: ", bytes.Equal(iv1, iv2)) 337 338 if bytes.Equal(iv1, iv2) { 339 t.Fatal("Error: ciphertexts contain identical initialization vectors (IVs)") 340 } 341 } 342 343 // TestCBCPKCS7Encrypt_CorrectCiphertextLengthCheck verifies that the returned ciphertext lengths are as expected. 344 func TestCBCPKCS7Encrypt_CorrectCiphertextLengthCheck(t *testing.T) { 345 t.Parallel() 346 347 key := make([]byte, aes.BlockSize) 348 rand.Reader.Read(key) 349 350 // length of message (in bytes) == aes.BlockSize (16 bytes) 351 // The expected cipher length = IV length (1 block) + 1 block message 352 353 var ptext = []byte("0123456789ABCDEF") 354 355 for i := 1; i < aes.BlockSize; i++ { 356 ciphertext, err := AESCBCPKCS7Encrypt(key, ptext[:i]) 357 if err != nil { 358 t.Fatal("Error encrypting '", ptext, "'") 359 } 360 361 expectedLength := aes.BlockSize + aes.BlockSize 362 if len(ciphertext) != expectedLength { 363 t.Fatalf("Incorrect ciphertext incorrect: expected '%d', received '%d'", expectedLength, len(ciphertext)) 364 } 365 } 366 } 367 368 // TestCBCEncryptCBCDecrypt_KeyMismatch attempts to decrypt with a different key than the one used for encryption. 369 func TestCBCEncryptCBCDecrypt_KeyMismatch(t *testing.T) { 370 t.Parallel() 371 372 // Generate a random key 373 key := make([]byte, aes.BlockSize) 374 rand.Reader.Read(key) 375 376 // Clone & tamper with the key 377 wrongKey := make([]byte, aes.BlockSize) 378 copy(wrongKey, key[:]) 379 wrongKey[0] = key[0] + 1 380 381 var ptext = []byte("1234567890ABCDEF") 382 encrypted, encErr := aesCBCEncrypt(key, ptext) 383 if encErr != nil { 384 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 385 } 386 387 decrypted, decErr := aesCBCDecrypt(wrongKey, encrypted) 388 if decErr != nil { 389 t.Fatalf("Error decrypting '%s': %v", ptext, decErr) 390 } 391 392 if string(ptext[:]) == string(decrypted[:]) { 393 t.Fatal("Decrypting a ciphertext with a different key than the one used for encrypting it - should not result in the original plaintext.") 394 } 395 } 396 397 // TestCBCEncryptCBCDecrypt encrypts with CBCEncrypt and decrypt with CBCDecrypt. 398 func TestCBCEncryptCBCDecrypt(t *testing.T) { 399 t.Parallel() 400 401 key := make([]byte, 32) 402 rand.Reader.Read(key) 403 404 // 1234567890123456 405 var ptext = []byte("a 16 byte messag") 406 407 encrypted, encErr := aesCBCEncrypt(key, ptext) 408 if encErr != nil { 409 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 410 } 411 412 decrypted, decErr := aesCBCDecrypt(key, encrypted) 413 if decErr != nil { 414 t.Fatalf("Error decrypting '%s': %v", ptext, decErr) 415 } 416 417 if string(ptext[:]) != string(decrypted[:]) { 418 t.Fatal("Encryption->Decryption with same key should result in the original plaintext.") 419 } 420 } 421 422 // TestCBCEncryptWithRandCBCDecrypt encrypts with CBCEncrypt using the passed prng and decrypt with CBCDecrypt. 423 func TestCBCEncryptWithRandCBCDecrypt(t *testing.T) { 424 t.Parallel() 425 426 key := make([]byte, 32) 427 rand.Reader.Read(key) 428 429 // 1234567890123456 430 var ptext = []byte("a 16 byte messag") 431 432 encrypted, encErr := aesCBCEncryptWithRand(rand.Reader, key, ptext) 433 if encErr != nil { 434 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 435 } 436 437 decrypted, decErr := aesCBCDecrypt(key, encrypted) 438 if decErr != nil { 439 t.Fatalf("Error decrypting '%s': %v", ptext, decErr) 440 } 441 442 if string(ptext[:]) != string(decrypted[:]) { 443 t.Fatal("Encryption->Decryption with same key should result in the original plaintext.") 444 } 445 } 446 447 // TestCBCEncryptWithIVCBCDecrypt encrypts with CBCEncrypt using the passed IV and decrypt with CBCDecrypt. 448 func TestCBCEncryptWithIVCBCDecrypt(t *testing.T) { 449 t.Parallel() 450 451 key := make([]byte, 32) 452 rand.Reader.Read(key) 453 454 // 1234567890123456 455 var ptext = []byte("a 16 byte messag") 456 457 iv := make([]byte, aes.BlockSize) 458 _, err := io.ReadFull(rand.Reader, iv) 459 assert.NoError(t, err) 460 461 encrypted, encErr := aesCBCEncryptWithIV(iv, key, ptext) 462 if encErr != nil { 463 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 464 } 465 466 decrypted, decErr := aesCBCDecrypt(key, encrypted) 467 if decErr != nil { 468 t.Fatalf("Error decrypting '%s': %v", ptext, decErr) 469 } 470 471 if string(ptext[:]) != string(decrypted[:]) { 472 t.Fatal("Encryption->Decryption with same key should result in the original plaintext.") 473 } 474 } 475 476 // TestAESRelatedUtilFunctions tests various functions commonly used in fabric wrt AES 477 func TestAESRelatedUtilFunctions(t *testing.T) { 478 t.Parallel() 479 480 key, err := GetRandomBytes(32) 481 if err != nil { 482 t.Fatalf("Failed generating AES key [%s]", err) 483 } 484 485 for i := 1; i < 100; i++ { 486 l, err := rand.Int(rand.Reader, big.NewInt(1024)) 487 if err != nil { 488 t.Fatalf("Failed generating AES key [%s]", err) 489 } 490 msg, err := GetRandomBytes(int(l.Int64()) + 1) 491 if err != nil { 492 t.Fatalf("Failed generating AES key [%s]", err) 493 } 494 495 ct, err := AESCBCPKCS7Encrypt(key, msg) 496 if err != nil { 497 t.Fatalf("Failed encrypting [%s]", err) 498 } 499 500 msg2, err := AESCBCPKCS7Decrypt(key, ct) 501 if err != nil { 502 t.Fatalf("Failed decrypting [%s]", err) 503 } 504 505 if !bytes.Equal(msg, msg2) { 506 t.Fatalf("Wrong decryption output [%x][%x]", msg, msg2) 507 } 508 } 509 } 510 511 // TestVariousAESKeyEncoding tests some AES <-> PEM conversions 512 func TestVariousAESKeyEncoding(t *testing.T) { 513 t.Parallel() 514 515 key, err := GetRandomBytes(32) 516 if err != nil { 517 t.Fatalf("Failed generating AES key [%s]", err) 518 } 519 520 // PEM format 521 pem := aesToPEM(key) 522 keyFromPEM, err := pemToAES(pem, nil) 523 if err != nil { 524 t.Fatalf("Failed converting PEM to AES key [%s]", err) 525 } 526 if !bytes.Equal(key, keyFromPEM) { 527 t.Fatalf("Failed converting PEM to AES key. Keys are different [%x][%x]", key, keyFromPEM) 528 } 529 530 // Encrypted PEM format 531 pem, err = aesToEncryptedPEM(key, []byte("passwd")) 532 if err != nil { 533 t.Fatalf("Failed converting AES key to Encrypted PEM [%s]", err) 534 } 535 keyFromPEM, err = pemToAES(pem, []byte("passwd")) 536 if err != nil { 537 t.Fatalf("Failed converting encrypted PEM to AES key [%s]", err) 538 } 539 if !bytes.Equal(key, keyFromPEM) { 540 t.Fatalf("Failed converting encrypted PEM to AES key. Keys are different [%x][%x]", key, keyFromPEM) 541 } 542 } 543 544 func TestPkcs7UnPaddingInvalidInputs(t *testing.T) { 545 t.Parallel() 546 547 _, err := pkcs7UnPadding([]byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}) 548 assert.Error(t, err) 549 assert.Equal(t, "Invalid pkcs7 padding (pad[i] != unpadding)", err.Error()) 550 } 551 552 func TestAESCBCEncryptInvalidInputs(t *testing.T) { 553 t.Parallel() 554 555 _, err := aesCBCEncrypt(nil, []byte{0, 1, 2, 3}) 556 assert.Error(t, err) 557 assert.Equal(t, "Invalid plaintext. It must be a multiple of the block size", err.Error()) 558 559 _, err = aesCBCEncrypt([]byte{0}, []byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}) 560 assert.Error(t, err) 561 } 562 563 func TestAESCBCDecryptInvalidInputs(t *testing.T) { 564 t.Parallel() 565 566 _, err := aesCBCDecrypt([]byte{0}, []byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}) 567 assert.Error(t, err) 568 569 _, err = aesCBCDecrypt([]byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, []byte{0}) 570 assert.Error(t, err) 571 572 _, err = aesCBCDecrypt([]byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, 573 []byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}) 574 assert.Error(t, err) 575 } 576 577 // TestAESCBCPKCS7EncryptorDecrypt tests the integration of 578 // aescbcpkcs7Encryptor and aescbcpkcs7Decryptor 579 func TestAESCBCPKCS7EncryptorDecrypt(t *testing.T) { 580 t.Parallel() 581 582 raw, err := GetRandomBytes(32) 583 assert.NoError(t, err) 584 585 k := &aesPrivateKey{privKey: raw, exportable: false} 586 587 msg := []byte("Hello World") 588 encryptor := &aescbcpkcs7Encryptor{} 589 590 _, err = encryptor.Encrypt(k, msg, nil) 591 assert.Error(t, err) 592 593 _, err = encryptor.Encrypt(k, msg, &mocks.EncrypterOpts{}) 594 assert.Error(t, err) 595 596 _, err = encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{IV: []byte{1}}) 597 assert.Error(t, err) 598 assert.Contains(t, err.Error(), "Invalid IV. It must have length the block size") 599 600 _, err = encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{IV: []byte{1}, PRNG: rand.Reader}) 601 assert.Error(t, err) 602 assert.Contains(t, err.Error(), "Invalid options. Either IV or PRNG should be different from nil, or both nil.") 603 604 _, err = encryptor.Encrypt(k, msg, bccsp.AESCBCPKCS7ModeOpts{}) 605 assert.NoError(t, err) 606 607 ct, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 608 assert.NoError(t, err) 609 610 decryptor := &aescbcpkcs7Decryptor{} 611 612 _, err = decryptor.Decrypt(k, ct, nil) 613 assert.Error(t, err) 614 615 _, err = decryptor.Decrypt(k, ct, &mocks.EncrypterOpts{}) 616 assert.Error(t, err) 617 618 msg2, err := decryptor.Decrypt(k, ct, &bccsp.AESCBCPKCS7ModeOpts{}) 619 assert.NoError(t, err) 620 assert.Equal(t, msg, msg2) 621 } 622 623 func TestAESCBCPKCS7EncryptorWithIVSameCiphertext(t *testing.T) { 624 t.Parallel() 625 626 raw, err := GetRandomBytes(32) 627 assert.NoError(t, err) 628 629 k := &aesPrivateKey{privKey: raw, exportable: false} 630 631 msg := []byte("Hello World") 632 encryptor := &aescbcpkcs7Encryptor{} 633 634 iv := make([]byte, aes.BlockSize) 635 636 ct, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{IV: iv}) 637 assert.NoError(t, err) 638 assert.NotNil(t, ct) 639 assert.Equal(t, iv, ct[:aes.BlockSize]) 640 641 ct2, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{IV: iv}) 642 assert.NoError(t, err) 643 assert.NotNil(t, ct2) 644 assert.Equal(t, iv, ct2[:aes.BlockSize]) 645 646 assert.Equal(t, ct, ct2) 647 } 648 649 func TestAESCBCPKCS7EncryptorWithRandSameCiphertext(t *testing.T) { 650 t.Parallel() 651 652 raw, err := GetRandomBytes(32) 653 assert.NoError(t, err) 654 655 k := &aesPrivateKey{privKey: raw, exportable: false} 656 657 msg := []byte("Hello World") 658 encryptor := &aescbcpkcs7Encryptor{} 659 660 r := mrand.New(mrand.NewSource(0)) 661 iv := make([]byte, aes.BlockSize) 662 _, err = io.ReadFull(r, iv) 663 assert.NoError(t, err) 664 665 r = mrand.New(mrand.NewSource(0)) 666 ct, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{PRNG: r}) 667 assert.NoError(t, err) 668 assert.NotNil(t, ct) 669 assert.Equal(t, iv, ct[:aes.BlockSize]) 670 671 r = mrand.New(mrand.NewSource(0)) 672 ct2, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{PRNG: r}) 673 assert.NoError(t, err) 674 assert.NotNil(t, ct2) 675 assert.Equal(t, iv, ct2[:aes.BlockSize]) 676 677 assert.Equal(t, ct, ct2) 678 }