github.com/true-sqn/fabric@v2.1.1+incompatible/bccsp/sw/aes_test.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 package sw 17 18 import ( 19 "bytes" 20 "crypto/aes" 21 "crypto/rand" 22 "io" 23 "math/big" 24 mrand "math/rand" 25 "testing" 26 27 "github.com/hyperledger/fabric/bccsp" 28 "github.com/hyperledger/fabric/bccsp/mocks" 29 "github.com/hyperledger/fabric/bccsp/utils" 30 "github.com/stretchr/testify/assert" 31 ) 32 33 // TestCBCPKCS7EncryptCBCPKCS7Decrypt encrypts using CBCPKCS7Encrypt and decrypts using CBCPKCS7Decrypt. 34 func TestCBCPKCS7EncryptCBCPKCS7Decrypt(t *testing.T) { 35 t.Parallel() 36 37 // Note: The purpose of this test is not to test AES-256 in CBC mode's strength 38 // ... but rather to verify the code wrapping/unwrapping the cipher. 39 key := make([]byte, 32) 40 rand.Reader.Read(key) 41 42 // 123456789012345678901234567890123456789012 43 var ptext = []byte("a message with arbitrary length (42 bytes)") 44 45 encrypted, encErr := AESCBCPKCS7Encrypt(key, ptext) 46 if encErr != nil { 47 t.Fatalf("Error encrypting '%s': %s", ptext, encErr) 48 } 49 50 decrypted, dErr := AESCBCPKCS7Decrypt(key, encrypted) 51 if dErr != nil { 52 t.Fatalf("Error decrypting the encrypted '%s': %v", ptext, dErr) 53 } 54 55 if string(ptext[:]) != string(decrypted[:]) { 56 t.Fatal("Decrypt( Encrypt( ptext ) ) != ptext: Ciphertext decryption with the same key must result in the original plaintext!") 57 } 58 } 59 60 // TestPKCS7Padding verifies the PKCS#7 padding, using a human readable plaintext. 61 func TestPKCS7Padding(t *testing.T) { 62 t.Parallel() 63 64 // 0 byte/length ptext 65 ptext := []byte("") 66 expected := []byte{16, 16, 16, 16, 67 16, 16, 16, 16, 68 16, 16, 16, 16, 69 16, 16, 16, 16} 70 result := pkcs7Padding(ptext) 71 72 if !bytes.Equal(expected, result) { 73 t.Fatal("Padding error! Expected: ", expected, "', received: '", result, "'") 74 } 75 76 // 1 byte/length ptext 77 ptext = []byte("1") 78 expected = []byte{'1', 15, 15, 15, 79 15, 15, 15, 15, 80 15, 15, 15, 15, 81 15, 15, 15, 15} 82 result = pkcs7Padding(ptext) 83 84 if !bytes.Equal(expected, result) { 85 t.Fatal("Padding error! Expected: '", expected, "', received: '", result, "'") 86 } 87 88 // 2 byte/length ptext 89 ptext = []byte("12") 90 expected = []byte{'1', '2', 14, 14, 91 14, 14, 14, 14, 92 14, 14, 14, 14, 93 14, 14, 14, 14} 94 result = pkcs7Padding(ptext) 95 96 if !bytes.Equal(expected, result) { 97 t.Fatal("Padding error! Expected: '", expected, "', received: '", result, "'") 98 } 99 100 // 3 to aes.BlockSize-1 byte plaintext 101 ptext = []byte("1234567890ABCDEF") 102 for i := 3; i < aes.BlockSize; i++ { 103 result := pkcs7Padding(ptext[:i]) 104 105 padding := aes.BlockSize - i 106 expectedPadding := bytes.Repeat([]byte{byte(padding)}, padding) 107 expected = append(ptext[:i], expectedPadding...) 108 109 if !bytes.Equal(result, expected) { 110 t.Fatal("Padding error! Expected: '", expected, "', received: '", result, "'") 111 } 112 } 113 114 // aes.BlockSize length ptext 115 ptext = bytes.Repeat([]byte{byte('x')}, aes.BlockSize) 116 result = pkcs7Padding(ptext) 117 118 expectedPadding := bytes.Repeat([]byte{byte(aes.BlockSize)}, aes.BlockSize) 119 expected = append(ptext, expectedPadding...) 120 121 if len(result) != 2*aes.BlockSize { 122 t.Fatal("Padding error: expected the length of the returned slice to be 2 times aes.BlockSize") 123 } 124 125 if !bytes.Equal(expected, result) { 126 t.Fatal("Padding error! Expected: '", expected, "', received: '", result, "'") 127 } 128 } 129 130 // TestPKCS7UnPadding verifies the PKCS#7 unpadding, using a human readable plaintext. 131 func TestPKCS7UnPadding(t *testing.T) { 132 t.Parallel() 133 134 // 0 byte/length ptext 135 expected := []byte("") 136 ptext := []byte{16, 16, 16, 16, 137 16, 16, 16, 16, 138 16, 16, 16, 16, 139 16, 16, 16, 16} 140 141 result, _ := pkcs7UnPadding(ptext) 142 143 if !bytes.Equal(expected, result) { 144 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 145 } 146 147 // 1 byte/length ptext 148 expected = []byte("1") 149 ptext = []byte{'1', 15, 15, 15, 150 15, 15, 15, 15, 151 15, 15, 15, 15, 152 15, 15, 15, 15} 153 154 result, _ = pkcs7UnPadding(ptext) 155 156 if !bytes.Equal(expected, result) { 157 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 158 } 159 160 // 2 byte/length ptext 161 expected = []byte("12") 162 ptext = []byte{'1', '2', 14, 14, 163 14, 14, 14, 14, 164 14, 14, 14, 14, 165 14, 14, 14, 14} 166 167 result, _ = pkcs7UnPadding(ptext) 168 169 if !bytes.Equal(expected, result) { 170 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 171 } 172 173 // 3 to aes.BlockSize-1 byte plaintext 174 base := []byte("1234567890ABCDEF") 175 for i := 3; i < aes.BlockSize; i++ { 176 iPad := aes.BlockSize - i 177 padding := bytes.Repeat([]byte{byte(iPad)}, iPad) 178 ptext = append(base[:i], padding...) 179 180 expected := base[:i] 181 result, _ := pkcs7UnPadding(ptext) 182 183 if !bytes.Equal(result, expected) { 184 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 185 } 186 } 187 188 // aes.BlockSize length ptext 189 expected = bytes.Repeat([]byte{byte('x')}, aes.BlockSize) 190 padding := bytes.Repeat([]byte{byte(aes.BlockSize)}, aes.BlockSize) 191 ptext = append(expected, padding...) 192 193 result, _ = pkcs7UnPadding(ptext) 194 195 if !bytes.Equal(expected, result) { 196 t.Fatal("UnPadding error! Expected: '", expected, "', received: '", result, "'") 197 } 198 } 199 200 // TestCBCEncryptCBCPKCS7Decrypt_BlockSizeLengthPlaintext verifies that CBCPKCS7Decrypt returns an error 201 // when attempting to decrypt ciphertext of an irreproducible length. 202 func TestCBCEncryptCBCPKCS7Decrypt_BlockSizeLengthPlaintext(t *testing.T) { 203 t.Parallel() 204 205 // One of the purposes of this test is to also document and clarify the expected behavior, i.e., that an extra 206 // block is appended to the message at the padding stage, as per the spec of PKCS#7 v1.5 [see RFC-2315 p.21] 207 key := make([]byte, 32) 208 rand.Reader.Read(key) 209 210 // 1234567890123456 211 var ptext = []byte("a 16 byte messag") 212 213 encrypted, encErr := aesCBCEncrypt(key, ptext) 214 if encErr != nil { 215 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 216 } 217 218 decrypted, dErr := AESCBCPKCS7Decrypt(key, encrypted) 219 if dErr == nil { 220 t.Fatalf("Expected an error decrypting ptext '%s'. Decrypted to '%v'", dErr, decrypted) 221 } 222 } 223 224 // TestCBCPKCS7EncryptCBCDecrypt_ExpectingCorruptMessage verifies that CBCDecrypt can decrypt the unpadded 225 // version of the ciphertext, of a message of BlockSize length. 226 func TestCBCPKCS7EncryptCBCDecrypt_ExpectingCorruptMessage(t *testing.T) { 227 t.Parallel() 228 229 // One of the purposes of this test is to also document and clarify the expected behavior, i.e., that an extra 230 // block is appended to the message at the padding stage, as per the spec of PKCS#7 v1.5 [see RFC-2315 p.21] 231 key := make([]byte, 32) 232 rand.Reader.Read(key) 233 234 // 0123456789ABCDEF 235 var ptext = []byte("a 16 byte messag") 236 237 encrypted, encErr := AESCBCPKCS7Encrypt(key, ptext) 238 if encErr != nil { 239 t.Fatalf("Error encrypting ptext %v", encErr) 240 } 241 242 decrypted, dErr := aesCBCDecrypt(key, encrypted) 243 if dErr != nil { 244 t.Fatalf("Error encrypting ptext %v, %v", dErr, decrypted) 245 } 246 247 if string(ptext[:]) != string(decrypted[:aes.BlockSize]) { 248 t.Log("ptext: ", ptext) 249 t.Log("decrypted: ", decrypted[:aes.BlockSize]) 250 t.Fatal("Encryption->Decryption with same key should result in original ptext") 251 } 252 253 if !bytes.Equal(decrypted[aes.BlockSize:], bytes.Repeat([]byte{byte(aes.BlockSize)}, aes.BlockSize)) { 254 t.Fatal("Expected extra block with padding in encrypted ptext", decrypted) 255 } 256 } 257 258 // TestCBCPKCS7Encrypt_EmptyPlaintext encrypts and pad an empty ptext. Verifying as well that the ciphertext length is as expected. 259 func TestCBCPKCS7Encrypt_EmptyPlaintext(t *testing.T) { 260 t.Parallel() 261 262 key := make([]byte, 32) 263 rand.Reader.Read(key) 264 265 t.Log("Generated key: ", key) 266 267 var emptyPlaintext = []byte("") 268 t.Log("Plaintext length: ", len(emptyPlaintext)) 269 270 ciphertext, encErr := AESCBCPKCS7Encrypt(key, emptyPlaintext) 271 if encErr != nil { 272 t.Fatalf("Error encrypting '%v'", encErr) 273 } 274 275 // Expected ciphertext length: 32 (=32) 276 // As part of the padding, at least one block gets encrypted (while the first block is the IV) 277 const expectedLength = aes.BlockSize + aes.BlockSize 278 if len(ciphertext) != expectedLength { 279 t.Fatalf("Wrong ciphertext length. Expected %d, received %d", expectedLength, len(ciphertext)) 280 } 281 282 t.Log("Ciphertext length: ", len(ciphertext)) 283 t.Log("Cipher: ", ciphertext) 284 } 285 286 // TestCBCEncrypt_EmptyPlaintext encrypts an empty message. Verifying as well that the ciphertext length is as expected. 287 func TestCBCEncrypt_EmptyPlaintext(t *testing.T) { 288 t.Parallel() 289 290 key := make([]byte, 32) 291 rand.Reader.Read(key) 292 t.Log("Generated key: ", key) 293 294 var emptyPlaintext = []byte("") 295 t.Log("Message length: ", len(emptyPlaintext)) 296 297 ciphertext, encErr := aesCBCEncrypt(key, emptyPlaintext) 298 assert.NoError(t, encErr) 299 300 t.Log("Ciphertext length: ", len(ciphertext)) 301 302 // Expected cipher length: aes.BlockSize, the first and only block is the IV 303 var expectedLength = aes.BlockSize 304 305 if len(ciphertext) != expectedLength { 306 t.Fatalf("Wrong ciphertext length. Expected: '%d', received: '%d'", expectedLength, len(ciphertext)) 307 } 308 t.Log("Ciphertext: ", ciphertext) 309 } 310 311 // TestCBCPKCS7Encrypt_VerifyRandomIVs encrypts twice with same key. The first 16 bytes should be different if IV is generated randomly. 312 func TestCBCPKCS7Encrypt_VerifyRandomIVs(t *testing.T) { 313 t.Parallel() 314 315 key := make([]byte, aes.BlockSize) 316 rand.Reader.Read(key) 317 t.Log("Key 1", key) 318 319 var ptext = []byte("a message to encrypt") 320 321 ciphertext1, err := AESCBCPKCS7Encrypt(key, ptext) 322 if err != nil { 323 t.Fatalf("Error encrypting '%s': %s", ptext, err) 324 } 325 326 // Expecting a different IV if same message is encrypted with same key 327 ciphertext2, err := AESCBCPKCS7Encrypt(key, ptext) 328 if err != nil { 329 t.Fatalf("Error encrypting '%s': %s", ptext, err) 330 } 331 332 iv1 := ciphertext1[:aes.BlockSize] 333 iv2 := ciphertext2[:aes.BlockSize] 334 335 t.Log("Ciphertext1: ", iv1) 336 t.Log("Ciphertext2: ", iv2) 337 t.Log("bytes.Equal: ", bytes.Equal(iv1, iv2)) 338 339 if bytes.Equal(iv1, iv2) { 340 t.Fatal("Error: ciphertexts contain identical initialization vectors (IVs)") 341 } 342 } 343 344 // TestCBCPKCS7Encrypt_CorrectCiphertextLengthCheck verifies that the returned ciphertext lengths are as expected. 345 func TestCBCPKCS7Encrypt_CorrectCiphertextLengthCheck(t *testing.T) { 346 t.Parallel() 347 348 key := make([]byte, aes.BlockSize) 349 rand.Reader.Read(key) 350 351 // length of message (in bytes) == aes.BlockSize (16 bytes) 352 // The expected cipher length = IV length (1 block) + 1 block message 353 354 var ptext = []byte("0123456789ABCDEF") 355 356 for i := 1; i < aes.BlockSize; i++ { 357 ciphertext, err := AESCBCPKCS7Encrypt(key, ptext[:i]) 358 if err != nil { 359 t.Fatal("Error encrypting '", ptext, "'") 360 } 361 362 expectedLength := aes.BlockSize + aes.BlockSize 363 if len(ciphertext) != expectedLength { 364 t.Fatalf("Incorrect ciphertext incorrect: expected '%d', received '%d'", expectedLength, len(ciphertext)) 365 } 366 } 367 } 368 369 // TestCBCEncryptCBCDecrypt_KeyMismatch attempts to decrypt with a different key than the one used for encryption. 370 func TestCBCEncryptCBCDecrypt_KeyMismatch(t *testing.T) { 371 t.Parallel() 372 373 // Generate a random key 374 key := make([]byte, aes.BlockSize) 375 rand.Reader.Read(key) 376 377 // Clone & tamper with the key 378 wrongKey := make([]byte, aes.BlockSize) 379 copy(wrongKey, key[:]) 380 wrongKey[0] = key[0] + 1 381 382 var ptext = []byte("1234567890ABCDEF") 383 encrypted, encErr := aesCBCEncrypt(key, ptext) 384 if encErr != nil { 385 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 386 } 387 388 decrypted, decErr := aesCBCDecrypt(wrongKey, encrypted) 389 if decErr != nil { 390 t.Fatalf("Error decrypting '%s': %v", ptext, decErr) 391 } 392 393 if string(ptext[:]) == string(decrypted[:]) { 394 t.Fatal("Decrypting a ciphertext with a different key than the one used for encrypting it - should not result in the original plaintext.") 395 } 396 } 397 398 // TestCBCEncryptCBCDecrypt encrypts with CBCEncrypt and decrypt with CBCDecrypt. 399 func TestCBCEncryptCBCDecrypt(t *testing.T) { 400 t.Parallel() 401 402 key := make([]byte, 32) 403 rand.Reader.Read(key) 404 405 // 1234567890123456 406 var ptext = []byte("a 16 byte messag") 407 408 encrypted, encErr := aesCBCEncrypt(key, ptext) 409 if encErr != nil { 410 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 411 } 412 413 decrypted, decErr := aesCBCDecrypt(key, encrypted) 414 if decErr != nil { 415 t.Fatalf("Error decrypting '%s': %v", ptext, decErr) 416 } 417 418 if string(ptext[:]) != string(decrypted[:]) { 419 t.Fatal("Encryption->Decryption with same key should result in the original plaintext.") 420 } 421 } 422 423 // TestCBCEncryptWithRandCBCDecrypt encrypts with CBCEncrypt using the passed prng and decrypt with CBCDecrypt. 424 func TestCBCEncryptWithRandCBCDecrypt(t *testing.T) { 425 t.Parallel() 426 427 key := make([]byte, 32) 428 rand.Reader.Read(key) 429 430 // 1234567890123456 431 var ptext = []byte("a 16 byte messag") 432 433 encrypted, encErr := aesCBCEncryptWithRand(rand.Reader, key, ptext) 434 if encErr != nil { 435 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 436 } 437 438 decrypted, decErr := aesCBCDecrypt(key, encrypted) 439 if decErr != nil { 440 t.Fatalf("Error decrypting '%s': %v", ptext, decErr) 441 } 442 443 if string(ptext[:]) != string(decrypted[:]) { 444 t.Fatal("Encryption->Decryption with same key should result in the original plaintext.") 445 } 446 } 447 448 // TestCBCEncryptWithIVCBCDecrypt encrypts with CBCEncrypt using the passed IV and decrypt with CBCDecrypt. 449 func TestCBCEncryptWithIVCBCDecrypt(t *testing.T) { 450 t.Parallel() 451 452 key := make([]byte, 32) 453 rand.Reader.Read(key) 454 455 // 1234567890123456 456 var ptext = []byte("a 16 byte messag") 457 458 iv := make([]byte, aes.BlockSize) 459 _, err := io.ReadFull(rand.Reader, iv) 460 assert.NoError(t, err) 461 462 encrypted, encErr := aesCBCEncryptWithIV(iv, key, ptext) 463 if encErr != nil { 464 t.Fatalf("Error encrypting '%s': %v", ptext, encErr) 465 } 466 467 decrypted, decErr := aesCBCDecrypt(key, encrypted) 468 if decErr != nil { 469 t.Fatalf("Error decrypting '%s': %v", ptext, decErr) 470 } 471 472 if string(ptext[:]) != string(decrypted[:]) { 473 t.Fatal("Encryption->Decryption with same key should result in the original plaintext.") 474 } 475 } 476 477 // TestAESRelatedUtilFunctions tests various functions commonly used in fabric wrt AES 478 func TestAESRelatedUtilFunctions(t *testing.T) { 479 t.Parallel() 480 481 key, err := GetRandomBytes(32) 482 if err != nil { 483 t.Fatalf("Failed generating AES key [%s]", err) 484 } 485 486 for i := 1; i < 100; i++ { 487 l, err := rand.Int(rand.Reader, big.NewInt(1024)) 488 if err != nil { 489 t.Fatalf("Failed generating AES key [%s]", err) 490 } 491 msg, err := GetRandomBytes(int(l.Int64()) + 1) 492 if err != nil { 493 t.Fatalf("Failed generating AES key [%s]", err) 494 } 495 496 ct, err := AESCBCPKCS7Encrypt(key, msg) 497 if err != nil { 498 t.Fatalf("Failed encrypting [%s]", err) 499 } 500 501 msg2, err := AESCBCPKCS7Decrypt(key, ct) 502 if err != nil { 503 t.Fatalf("Failed decrypting [%s]", err) 504 } 505 506 if !bytes.Equal(msg, msg2) { 507 t.Fatalf("Wrong decryption output [%x][%x]", msg, msg2) 508 } 509 } 510 } 511 512 // TestVariousAESKeyEncoding tests some AES <-> PEM conversions 513 func TestVariousAESKeyEncoding(t *testing.T) { 514 t.Parallel() 515 516 key, err := GetRandomBytes(32) 517 if err != nil { 518 t.Fatalf("Failed generating AES key [%s]", err) 519 } 520 521 // PEM format 522 pem := utils.AEStoPEM(key) 523 keyFromPEM, err := utils.PEMtoAES(pem, nil) 524 if err != nil { 525 t.Fatalf("Failed converting PEM to AES key [%s]", err) 526 } 527 if !bytes.Equal(key, keyFromPEM) { 528 t.Fatalf("Failed converting PEM to AES key. Keys are different [%x][%x]", key, keyFromPEM) 529 } 530 531 // Encrypted PEM format 532 pem, err = utils.AEStoEncryptedPEM(key, []byte("passwd")) 533 if err != nil { 534 t.Fatalf("Failed converting AES key to Encrypted PEM [%s]", err) 535 } 536 keyFromPEM, err = utils.PEMtoAES(pem, []byte("passwd")) 537 if err != nil { 538 t.Fatalf("Failed converting encrypted PEM to AES key [%s]", err) 539 } 540 if !bytes.Equal(key, keyFromPEM) { 541 t.Fatalf("Failed converting encrypted PEM to AES key. Keys are different [%x][%x]", key, keyFromPEM) 542 } 543 } 544 545 func TestPkcs7UnPaddingInvalidInputs(t *testing.T) { 546 t.Parallel() 547 548 _, err := pkcs7UnPadding([]byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}) 549 assert.Error(t, err) 550 assert.Equal(t, "Invalid pkcs7 padding (pad[i] != unpadding)", err.Error()) 551 } 552 553 func TestAESCBCEncryptInvalidInputs(t *testing.T) { 554 t.Parallel() 555 556 _, err := aesCBCEncrypt(nil, []byte{0, 1, 2, 3}) 557 assert.Error(t, err) 558 assert.Equal(t, "Invalid plaintext. It must be a multiple of the block size", err.Error()) 559 560 _, err = aesCBCEncrypt([]byte{0}, []byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}) 561 assert.Error(t, err) 562 } 563 564 func TestAESCBCDecryptInvalidInputs(t *testing.T) { 565 t.Parallel() 566 567 _, err := aesCBCDecrypt([]byte{0}, []byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}) 568 assert.Error(t, err) 569 570 _, err = aesCBCDecrypt([]byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, []byte{0}) 571 assert.Error(t, err) 572 573 _, err = aesCBCDecrypt([]byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, 574 []byte{1, 2, 3, 4, 5, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}) 575 assert.Error(t, err) 576 } 577 578 // TestAESCBCPKCS7EncryptorDecrypt tests the integration of 579 // aescbcpkcs7Encryptor and aescbcpkcs7Decryptor 580 func TestAESCBCPKCS7EncryptorDecrypt(t *testing.T) { 581 t.Parallel() 582 583 raw, err := GetRandomBytes(32) 584 assert.NoError(t, err) 585 586 k := &aesPrivateKey{privKey: raw, exportable: false} 587 588 msg := []byte("Hello World") 589 encryptor := &aescbcpkcs7Encryptor{} 590 591 _, err = encryptor.Encrypt(k, msg, nil) 592 assert.Error(t, err) 593 594 _, err = encryptor.Encrypt(k, msg, &mocks.EncrypterOpts{}) 595 assert.Error(t, err) 596 597 _, err = encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{IV: []byte{1}}) 598 assert.Error(t, err) 599 assert.Contains(t, err.Error(), "Invalid IV. It must have length the block size") 600 601 _, err = encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{IV: []byte{1}, PRNG: rand.Reader}) 602 assert.Error(t, err) 603 assert.Contains(t, err.Error(), "Invalid options. Either IV or PRNG should be different from nil, or both nil.") 604 605 _, err = encryptor.Encrypt(k, msg, bccsp.AESCBCPKCS7ModeOpts{}) 606 assert.NoError(t, err) 607 608 ct, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{}) 609 assert.NoError(t, err) 610 611 decryptor := &aescbcpkcs7Decryptor{} 612 613 _, err = decryptor.Decrypt(k, ct, nil) 614 assert.Error(t, err) 615 616 _, err = decryptor.Decrypt(k, ct, &mocks.EncrypterOpts{}) 617 assert.Error(t, err) 618 619 msg2, err := decryptor.Decrypt(k, ct, &bccsp.AESCBCPKCS7ModeOpts{}) 620 assert.NoError(t, err) 621 assert.Equal(t, msg, msg2) 622 } 623 624 func TestAESCBCPKCS7EncryptorWithIVSameCiphertext(t *testing.T) { 625 t.Parallel() 626 627 raw, err := GetRandomBytes(32) 628 assert.NoError(t, err) 629 630 k := &aesPrivateKey{privKey: raw, exportable: false} 631 632 msg := []byte("Hello World") 633 encryptor := &aescbcpkcs7Encryptor{} 634 635 iv := make([]byte, aes.BlockSize) 636 637 ct, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{IV: iv}) 638 assert.NoError(t, err) 639 assert.NotNil(t, ct) 640 assert.Equal(t, iv, ct[:aes.BlockSize]) 641 642 ct2, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{IV: iv}) 643 assert.NoError(t, err) 644 assert.NotNil(t, ct2) 645 assert.Equal(t, iv, ct2[:aes.BlockSize]) 646 647 assert.Equal(t, ct, ct2) 648 } 649 650 func TestAESCBCPKCS7EncryptorWithRandSameCiphertext(t *testing.T) { 651 t.Parallel() 652 653 raw, err := GetRandomBytes(32) 654 assert.NoError(t, err) 655 656 k := &aesPrivateKey{privKey: raw, exportable: false} 657 658 msg := []byte("Hello World") 659 encryptor := &aescbcpkcs7Encryptor{} 660 661 r := mrand.New(mrand.NewSource(0)) 662 iv := make([]byte, aes.BlockSize) 663 _, err = io.ReadFull(r, iv) 664 assert.NoError(t, err) 665 666 r = mrand.New(mrand.NewSource(0)) 667 ct, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{PRNG: r}) 668 assert.NoError(t, err) 669 assert.NotNil(t, ct) 670 assert.Equal(t, iv, ct[:aes.BlockSize]) 671 672 r = mrand.New(mrand.NewSource(0)) 673 ct2, err := encryptor.Encrypt(k, msg, &bccsp.AESCBCPKCS7ModeOpts{PRNG: r}) 674 assert.NoError(t, err) 675 assert.NotNil(t, ct2) 676 assert.Equal(t, iv, ct2[:aes.BlockSize]) 677 678 assert.Equal(t, ct, ct2) 679 }