Home | History | Annotate | Download | only in cipher 
      1 // Copyright 2013 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 package cipher_test
      6 
      7 import (
      8 	"bytes"
      9 	"crypto/aes"
     10 	"crypto/cipher"
     11 	"encoding/hex"
     12 	"testing"
     13 )
     14 
     15 // AES-GCM test vectors taken from gcmEncryptExtIV128.rsp from
     16 // http://csrc.nist.gov/groups/STM/cavp/index.html.
     17 var aesGCMTests = []struct {
     18 	key, nonce, plaintext, ad, result string
     19 }{
     20 	{
     21 		"11754cd72aec309bf52f7687212e8957",
     22 		"3c819d9a9bed087615030b65",
     23 		"",
     24 		"",
     25 		"250327c674aaf477aef2675748cf6971",
     26 	},
     27 	{
     28 		"ca47248ac0b6f8372a97ac43508308ed",
     29 		"ffd2b598feabc9019262d2be",
     30 		"",
     31 		"",
     32 		"60d20404af527d248d893ae495707d1a",
     33 	},
     34 	{
     35 		"77be63708971c4e240d1cb79e8d77feb",
     36 		"e0e00f19fed7ba0136a797f3",
     37 		"",
     38 		"7a43ec1d9c0a5a78a0b16533a6213cab",
     39 		"209fcc8d3675ed938e9c7166709dd946",
     40 	},
     41 	{
     42 		"7680c5d3ca6154758e510f4d25b98820",
     43 		"f8f105f9c3df4965780321f8",
     44 		"",
     45 		"c94c410194c765e3dcc7964379758ed3",
     46 		"94dca8edfcf90bb74b153c8d48a17930",
     47 	},
     48 	{
     49 		"7fddb57453c241d03efbed3ac44e371c",
     50 		"ee283a3fc75575e33efd4887",
     51 		"d5de42b461646c255c87bd2962d3b9a2",
     52 		"",
     53 		"2ccda4a5415cb91e135c2a0f78c9b2fdb36d1df9b9d5e596f83e8b7f52971cb3",
     54 	},
     55 	{
     56 		"ab72c77b97cb5fe9a382d9fe81ffdbed",
     57 		"54cc7dc2c37ec006bcc6d1da",
     58 		"007c5e5b3e59df24a7c355584fc1518d",
     59 		"",
     60 		"0e1bde206a07a9c2c1b65300f8c649972b4401346697138c7a4891ee59867d0c",
     61 	},
     62 	{
     63 		"fe47fcce5fc32665d2ae399e4eec72ba",
     64 		"5adb9609dbaeb58cbd6e7275",
     65 		"7c0e88c88899a779228465074797cd4c2e1498d259b54390b85e3eef1c02df60e743f1b840382c4bccaf3bafb4ca8429bea063",
     66 		"88319d6e1d3ffa5f987199166c8a9b56c2aeba5a",
     67 		"98f4826f05a265e6dd2be82db241c0fbbbf9ffb1c173aa83964b7cf5393043736365253ddbc5db8778371495da76d269e5db3e291ef1982e4defedaa2249f898556b47",
     68 	},
     69 	{
     70 		"ec0c2ba17aa95cd6afffe949da9cc3a8",
     71 		"296bce5b50b7d66096d627ef",
     72 		"b85b3753535b825cbe5f632c0b843c741351f18aa484281aebec2f45bb9eea2d79d987b764b9611f6c0f8641843d5d58f3a242",
     73 		"f8d00f05d22bf68599bcdeb131292ad6e2df5d14",
     74 		"a7443d31c26bdf2a1c945e29ee4bd344a99cfaf3aa71f8b3f191f83c2adfc7a07162995506fde6309ffc19e716eddf1a828c5a890147971946b627c40016da1ecf3e77",
     75 	},
     76 	{
     77 		"2c1f21cf0f6fb3661943155c3e3d8492",
     78 		"23cb5ff362e22426984d1907",
     79 		"42f758836986954db44bf37c6ef5e4ac0adaf38f27252a1b82d02ea949c8a1a2dbc0d68b5615ba7c1220ff6510e259f06655d8",
     80 		"5d3624879d35e46849953e45a32a624d6a6c536ed9857c613b572b0333e701557a713e3f010ecdf9a6bd6c9e3e44b065208645aff4aabee611b391528514170084ccf587177f4488f33cfb5e979e42b6e1cfc0a60238982a7aec",
     81 		"81824f0e0d523db30d3da369fdc0d60894c7a0a20646dd015073ad2732bd989b14a222b6ad57af43e1895df9dca2a5344a62cc57a3ee28136e94c74838997ae9823f3a",
     82 	},
     83 	{
     84 		"d9f7d2411091f947b4d6f1e2d1f0fb2e",
     85 		"e1934f5db57cc983e6b180e7",
     86 		"73ed042327f70fe9c572a61545eda8b2a0c6e1d6c291ef19248e973aee6c312012f490c2c6f6166f4a59431e182663fcaea05a",
     87 		"0a8a18a7150e940c3d87b38e73baee9a5c049ee21795663e264b694a949822b639092d0e67015e86363583fcf0ca645af9f43375f05fdb4ce84f411dcbca73c2220dea03a20115d2e51398344b16bee1ed7c499b353d6c597af8",
     88 		"aaadbd5c92e9151ce3db7210b8714126b73e43436d242677afa50384f2149b831f1d573c7891c2a91fbc48db29967ec9542b2321b51ca862cb637cdd03b99a0f93b134",
     89 	},
     90 	{
     91 		"fe9bb47deb3a61e423c2231841cfd1fb",
     92 		"4d328eb776f500a2f7fb47aa",
     93 		"f1cc3818e421876bb6b8bbd6c9",
     94 		"",
     95 		"b88c5c1977b35b517b0aeae96743fd4727fe5cdb4b5b42818dea7ef8c9",
     96 	},
     97 	{
     98 		"6703df3701a7f54911ca72e24dca046a",
     99 		"12823ab601c350ea4bc2488c",
    100 		"793cd125b0b84a043e3ac67717",
    101 		"",
    102 		"b2051c80014f42f08735a7b0cd38e6bcd29962e5f2c13626b85a877101",
    103 	},
    104 	// These cases test non-standard nonce sizes.
    105 	{
    106 		"1672c3537afa82004c6b8a46f6f0d026",
    107 		"05",
    108 		"",
    109 		"",
    110 		"8e2ad721f9455f74d8b53d3141f27e8e",
    111 	},
    112 	{
    113 		"9a4fea86a621a91ab371e492457796c0",
    114 		"75",
    115 		"ca6131faf0ff210e4e693d6c31c109fc5b6f54224eb120f37de31dc59ec669b6",
    116 		"4f6e2585c161f05a9ae1f2f894e9f0ab52b45d0f",
    117 		"5698c0a384241d30004290aac56bb3ece6fe8eacc5c4be98954deb9c3ff6aebf5d50e1af100509e1fba2a5e8a0af9670",
    118 	},
    119 	{
    120 		"d0f1f4defa1e8c08b4b26d576392027c",
    121 		"42b4f01eb9f5a1ea5b1eb73b0fb0baed54f387ecaa0393c7d7dffc6af50146ecc021abf7eb9038d4303d91f8d741a11743166c0860208bcc02c6258fd9511a2fa626f96d60b72fcff773af4e88e7a923506e4916ecbd814651e9f445adef4ad6a6b6c7290cc13b956130eef5b837c939fcac0cbbcc9656cd75b13823ee5acdac",
    122 		"",
    123 		"",
    124 		"7ab49b57ddf5f62c427950111c5c4f0d",
    125 	},
    126 	{
    127 		"4a0c00a3d284dea9d4bf8b8dde86685e",
    128 		"f8cbe82588e784bcacbe092cd9089b51e01527297f635bf294b3aa787d91057ef23869789698ac960707857f163ecb242135a228ad93964f5dc4a4d7f88fd7b3b07dd0a5b37f9768fb05a523639f108c34c661498a56879e501a2321c8a4a94d7e1b89db255ac1f685e185263368e99735ebe62a7f2931b47282be8eb165e4d7",
    129 		"6d4bf87640a6a48a50d28797b7",
    130 		"8d8c7ffc55086d539b5a8f0d1232654c",
    131 		"0d803ec309482f35b8e6226f2b56303239298e06b281c2d51aaba3c125",
    132 	},
    133 }
    134 
    135 func TestAESGCM(t *testing.T) {
    136 	for i, test := range aesGCMTests {
    137 		key, _ := hex.DecodeString(test.key)
    138 		aes, err := aes.NewCipher(key)
    139 		if err != nil {
    140 			t.Fatal(err)
    141 		}
    142 
    143 		nonce, _ := hex.DecodeString(test.nonce)
    144 		plaintext, _ := hex.DecodeString(test.plaintext)
    145 		ad, _ := hex.DecodeString(test.ad)
    146 		aesgcm, err := cipher.NewGCMWithNonceSize(aes, len(nonce))
    147 		if err != nil {
    148 			t.Fatal(err)
    149 		}
    150 
    151 		ct := aesgcm.Seal(nil, nonce, plaintext, ad)
    152 		if ctHex := hex.EncodeToString(ct); ctHex != test.result {
    153 			t.Errorf("#%d: got %s, want %s", i, ctHex, test.result)
    154 			continue
    155 		}
    156 
    157 		plaintext2, err := aesgcm.Open(nil, nonce, ct, ad)
    158 		if err != nil {
    159 			t.Errorf("#%d: Open failed", i)
    160 			continue
    161 		}
    162 
    163 		if !bytes.Equal(plaintext, plaintext2) {
    164 			t.Errorf("#%d: plaintext's don't match: got %x vs %x", i, plaintext2, plaintext)
    165 			continue
    166 		}
    167 
    168 		if len(ad) > 0 {
    169 			ad[0] ^= 0x80
    170 			if _, err := aesgcm.Open(nil, nonce, ct, ad); err == nil {
    171 				t.Errorf("#%d: Open was successful after altering additional data", i)
    172 			}
    173 			ad[0] ^= 0x80
    174 		}
    175 
    176 		nonce[0] ^= 0x80
    177 		if _, err := aesgcm.Open(nil, nonce, ct, ad); err == nil {
    178 			t.Errorf("#%d: Open was successful after altering nonce", i)
    179 		}
    180 		nonce[0] ^= 0x80
    181 
    182 		ct[0] ^= 0x80
    183 		if _, err := aesgcm.Open(nil, nonce, ct, ad); err == nil {
    184 			t.Errorf("#%d: Open was successful after altering ciphertext", i)
    185 		}
    186 		ct[0] ^= 0x80
    187 	}
    188 }
    189