1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/chacha20_poly1305_decrypter.h"
7 #include "net/quic/test_tools/quic_test_utils.h"
9 using base::StringPiece;
13 // The test vectors come from draft-agl-tls-chacha20poly1305-04 Section 7.
15 // Each test vector consists of six strings of lowercase hexadecimal digits.
16 // The strings may be empty (zero length). A test vector with a NULL |key|
17 // marks the end of an array of test vectors.
26 const char* pt; // An empty string "" means decryption succeeded and
27 // the plaintext is zero-length. NULL means decryption
31 const TestVector test_vectors[] = {
32 { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
35 "87e229d4500845a079c0",
36 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6" truncated.
37 "86d09974840bded2a5ca"
39 // Modify the ciphertext (ChaCha20 encryption output).
40 { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
43 "87e229d4500845a079c0",
44 "f3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6" truncated.
47 // Modify the ciphertext (Poly1305 authenticator).
48 { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
51 "87e229d4500845a079c0",
52 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28476", // "3896e1d6" truncated.
55 // Modify the associated data.
56 { "4290bcb154173531f314af57f3be3b5006da371ece272afa1b5dbdd110"
59 "87e229d4500845a079c0",
60 "e3e446f7ede9a19b62a4677dabf4e3d24b876bb28475", // "3896e1d6" truncated.
71 // DecryptWithNonce wraps the |Decrypt| method of |decrypter| to allow passing
72 // in a nonce and also to allocate the buffer needed for the plaintext.
// Test helper: runs one AEAD decryption with an explicit nonce and returns the
// result as a heap-allocated QuicData. The caller in the Decrypt test treats a
// null result as "decryption failed" and otherwise compares the returned
// bytes against the expected plaintext.
// NOTE(review): gutter lines 74, 79, 82-84 and 86 are absent from this
// listing, so the |nonce| parameter declaration, the tail of the Decrypt()
// call and the failure branch cannot be checked here.
73 QuicData* DecryptWithNonce(ChaCha20Poly1305Decrypter* decrypter,
75 StringPiece associated_data,
76 StringPiece ciphertext) {
// The output buffer is sized to the ciphertext length. Presumably this is an
// upper bound on the plaintext, because the ciphertext also carries the
// (truncated) Poly1305 authenticator - confirm against Decrypt().
77 size_t plaintext_size = ciphertext.length();
78 scoped_ptr<char[]> plaintext(new char[plaintext_size]);
// |nonce|, |associated_data| and |ciphertext| are forwarded unchanged; the
// decrypter writes into the buffer allocated above.
80 if (!decrypter->Decrypt(nonce, associated_data, ciphertext,
81 reinterpret_cast<unsigned char*>(plaintext.get()),
// release() hands the raw buffer to the new QuicData. The trailing |true|
// presumably makes QuicData own and free it - confirm against its constructor.
85 return new QuicData(plaintext.release(), plaintext_size, true);
88 TEST(ChaCha20Poly1305DecrypterTest, Decrypt) {
89 if (!ChaCha20Poly1305Decrypter::IsSupported()) {
90 LOG(INFO) << "ChaCha20+Poly1305 not supported. Test skipped.";
94 for (size_t i = 0; test_vectors[i].key != nullptr; i++) {
95 // If |pt| is NULL (no plaintext given), decryption is expected to fail.
96 bool has_pt = test_vectors[i].pt;
98 // Decode the test vector.
104 ASSERT_TRUE(DecodeHexString(test_vectors[i].key, &key));
105 ASSERT_TRUE(DecodeHexString(test_vectors[i].iv, &iv));
106 ASSERT_TRUE(DecodeHexString(test_vectors[i].aad, &aad));
107 ASSERT_TRUE(DecodeHexString(test_vectors[i].ct, &ct));
109 ASSERT_TRUE(DecodeHexString(test_vectors[i].pt, &pt));
112 ChaCha20Poly1305Decrypter decrypter;
113 ASSERT_TRUE(decrypter.SetKey(key));
114 scoped_ptr<QuicData> decrypted(DecryptWithNonce(
116 // This deliberately tests that the decrypter can handle an AAD that
117 // is set to nullptr, as opposed to a zero-length, non-nullptr pointer.
118 StringPiece(aad.length() ? aad.data() : nullptr, aad.length()), ct));
119 if (!decrypted.get()) {
120 EXPECT_FALSE(has_pt);
125 ASSERT_EQ(pt.length(), decrypted->length());
126 test::CompareCharArraysWithHexError("plaintext", decrypted->data(),
127 pt.length(), pt.data(), pt.length());