use of com.google.crypto.tink.Aead in project tink by google.
the class ChaCha20Poly1305Test method testLongMessages.
@Test
public /**
* BC had a bug, where GCM failed for messages of size > 8192
*/
void testLongMessages() throws Exception {
Assume.assumeFalse(TinkFips.useOnlyFips());
// Doesn't work on Android
Assume.assumeFalse(TestUtil.isAndroid());
int dataSize = 16;
while (dataSize <= (1 << 24)) {
byte[] plaintext = Random.randBytes(dataSize);
byte[] aad = Random.randBytes(dataSize / 3);
byte[] key = Random.randBytes(KEY_SIZE);
Aead aead = createInstance(key);
byte[] ciphertext = aead.encrypt(plaintext, aad);
byte[] decrypted = aead.decrypt(ciphertext, aad);
assertArrayEquals(plaintext, decrypted);
dataSize += 5 * dataSize / 11;
}
}
use of com.google.crypto.tink.Aead in project tink by google.
the class ChaCha20Poly1305Test method testEmptyAssociatedData.
@Test
public void testEmptyAssociatedData() throws Exception {
Assume.assumeFalse(TinkFips.useOnlyFips());
byte[] aad = new byte[0];
Aead aead = createInstance(Random.randBytes(KEY_SIZE));
for (int messageSize = 0; messageSize < 75; messageSize++) {
byte[] message = Random.randBytes(messageSize);
{
// encrypting with aad as a 0-length array
byte[] ciphertext = aead.encrypt(message, aad);
byte[] decrypted = aead.decrypt(ciphertext, aad);
assertArrayEquals(message, decrypted);
byte[] decrypted2 = aead.decrypt(ciphertext, null);
assertArrayEquals(message, decrypted2);
byte[] badAad = new byte[] { 1, 2, 3 };
assertThrows(AEADBadTagException.class, () -> {
byte[] unused = aead.decrypt(ciphertext, badAad);
});
}
{
// encrypting with aad equal to null
byte[] ciphertext = aead.encrypt(message, null);
byte[] decrypted = aead.decrypt(ciphertext, aad);
assertArrayEquals(message, decrypted);
byte[] decrypted2 = aead.decrypt(ciphertext, null);
assertArrayEquals(message, decrypted2);
byte[] badAad = new byte[] { 1, 2, 3 };
assertThrows(AEADBadTagException.class, () -> {
byte[] unused = aead.decrypt(ciphertext, badAad);
});
}
}
}
use of com.google.crypto.tink.Aead in project tink by google.
the class ChaCha20Poly1305Test method testWycheproofVectors.
@Test
public void testWycheproofVectors() throws Exception {
Assume.assumeFalse(TinkFips.useOnlyFips());
JsonObject json = WycheproofTestUtil.readJson("../wycheproof/testvectors/chacha20_poly1305_test.json");
int errors = 0;
JsonArray testGroups = json.getAsJsonArray("testGroups");
for (int i = 0; i < testGroups.size(); i++) {
JsonObject group = testGroups.get(i).getAsJsonObject();
JsonArray tests = group.getAsJsonArray("tests");
for (int j = 0; j < tests.size(); j++) {
JsonObject testcase = tests.get(j).getAsJsonObject();
String tcId = String.format("testcase %d (%s)", testcase.get("tcId").getAsInt(), testcase.get("comment").getAsString());
byte[] iv = Hex.decode(testcase.get("iv").getAsString());
byte[] key = Hex.decode(testcase.get("key").getAsString());
byte[] msg = Hex.decode(testcase.get("msg").getAsString());
byte[] aad = Hex.decode(testcase.get("aad").getAsString());
byte[] ct = Hex.decode(testcase.get("ct").getAsString());
byte[] tag = Hex.decode(testcase.get("tag").getAsString());
byte[] ciphertext = Bytes.concat(iv, ct, tag);
// Result is one of "valid", "invalid", "acceptable".
// "valid" are test vectors with matching plaintext, ciphertext and tag.
// "invalid" are test vectors with invalid parameters or invalid ciphertext and tag.
// "acceptable" are test vectors with weak parameters or legacy formats.
String result = testcase.get("result").getAsString();
try {
Aead aead = createInstance(key);
byte[] decrypted = aead.decrypt(ciphertext, aad);
boolean eq = TestUtil.arrayEquals(decrypted, msg);
if (result.equals("invalid")) {
System.out.printf("FAIL %s: accepting invalid ciphertext, cleartext: %s, decrypted: %s%n", tcId, Hex.encode(msg), Hex.encode(decrypted));
errors++;
} else {
if (!eq) {
System.out.printf("FAIL %s: incorrect decryption, result: %s, expected: %s%n", tcId, Hex.encode(decrypted), Hex.encode(msg));
errors++;
}
}
} catch (GeneralSecurityException ex) {
if (result.equals("valid")) {
System.out.printf("FAIL %s: cannot decrypt, exception %s%n", tcId, ex);
errors++;
}
}
}
}
assertEquals(0, errors);
}
use of com.google.crypto.tink.Aead in project tink by google.
the class XChaCha20Poly1305Test method testRandomNonce.
/**
* This is a very simple test for the randomness of the nonce. The test simply checks that the
* multiple ciphertexts of the same message are distinct.
*/
@Test
public void testRandomNonce() throws Exception {
if (TestUtil.isTsan()) {
System.out.println("testRandomNonce takes too long under tsan, skipping");
return;
}
byte[] key = Random.randBytes(KEY_SIZE);
Aead aead = createInstance(key);
byte[] message = new byte[0];
byte[] aad = new byte[0];
HashSet<String> ciphertexts = new HashSet<>();
final int samples = 1 << 17;
for (int i = 0; i < samples; i++) {
byte[] ct = aead.encrypt(message, aad);
String ctHex = TestUtil.hexEncode(ct);
assertFalse(ciphertexts.contains(ctHex));
ciphertexts.add(ctHex);
}
assertEquals(samples, ciphertexts.size());
}
use of com.google.crypto.tink.Aead in project tink by google.
the class XChaCha20Poly1305Test method testDecryptThrowsGeneralSecurityExpWhenCiphertextIsTooShort.
@Test
public void testDecryptThrowsGeneralSecurityExpWhenCiphertextIsTooShort() throws GeneralSecurityException {
Aead cipher = createInstance(new byte[KEY_SIZE]);
GeneralSecurityException e = assertThrows(GeneralSecurityException.class, () -> cipher.decrypt(new byte[27], new byte[1]));
assertThat(e).hasMessageThat().containsMatch("ciphertext too short");
}
Aggregations