зеркало из https://github.com/mozilla/gecko-dev.git
93 строки
2.3 KiB
Rust
93 строки
2.3 KiB
Rust
#![cfg_attr(feature = "deny-warnings", deny(warnings))]
|
|
#![warn(clippy::pedantic)]
|
|
#![cfg(not(feature = "fuzzing"))]
|
|
|
|
use neqo_crypto::constants::{TLS_AES_128_GCM_SHA256, TLS_VERSION_1_3};
|
|
use neqo_crypto::{init, selfencrypt::SelfEncrypt, Error};
|
|
|
|
#[test]
|
|
fn se_create() {
|
|
init();
|
|
SelfEncrypt::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256).expect("constructor works");
|
|
}
|
|
|
|
const PLAINTEXT: &[u8] = b"PLAINTEXT";
|
|
const AAD: &[u8] = b"AAD";
|
|
|
|
fn sealed() -> (SelfEncrypt, Vec<u8>) {
|
|
init();
|
|
let se = SelfEncrypt::new(TLS_VERSION_1_3, TLS_AES_128_GCM_SHA256).unwrap();
|
|
let sealed = se.seal(AAD, PLAINTEXT).expect("sealing works");
|
|
(se, sealed)
|
|
}
|
|
|
|
#[test]
|
|
fn seal_open() {
|
|
let (se, sealed) = sealed();
|
|
let opened = se.open(AAD, &sealed).expect("opening works");
|
|
assert_eq!(&opened[..], PLAINTEXT);
|
|
}
|
|
|
|
#[test]
|
|
fn seal_rotate_open() {
|
|
let (mut se, sealed) = sealed();
|
|
se.rotate().expect("rotate should be infallible");
|
|
let opened = se.open(AAD, &sealed).expect("opening works");
|
|
assert_eq!(&opened[..], PLAINTEXT);
|
|
}
|
|
|
|
#[test]
|
|
fn seal_rotate_twice_open() {
|
|
let (mut se, sealed) = sealed();
|
|
se.rotate().expect("rotate should be infallible");
|
|
se.rotate().expect("rotate should be infallible");
|
|
let res = se.open(AAD, &sealed);
|
|
assert_eq!(res.unwrap_err(), Error::SelfEncryptFailure);
|
|
}
|
|
|
|
#[test]
|
|
fn damage_version() {
|
|
let (se, mut sealed) = sealed();
|
|
sealed[0] ^= 0x80;
|
|
let res = se.open(AAD, &sealed);
|
|
assert_eq!(res.unwrap_err(), Error::SelfEncryptFailure);
|
|
}
|
|
|
|
fn assert_bad_data<T>(res: Result<T, Error>) {
|
|
if let Err(Error::NssError { name, .. }) = res {
|
|
assert_eq!(name, "SEC_ERROR_BAD_DATA");
|
|
}
|
|
}
|
|
|
|
#[test]
|
|
fn damage_salt() {
|
|
let (se, mut sealed) = sealed();
|
|
sealed[4] ^= 0x10;
|
|
let res = se.open(AAD, &sealed);
|
|
assert_bad_data(res);
|
|
}
|
|
|
|
#[test]
|
|
fn damage_ciphertext() {
|
|
let (se, mut sealed) = sealed();
|
|
sealed[20] ^= 0x2f;
|
|
let res = se.open(AAD, &sealed);
|
|
assert_bad_data(res);
|
|
}
|
|
|
|
#[test]
|
|
fn damage_auth_tag() {
|
|
let (se, mut sealed) = sealed();
|
|
let idx = sealed.len() - 1;
|
|
sealed[idx] ^= 0x3;
|
|
let res = se.open(AAD, &sealed);
|
|
assert_bad_data(res);
|
|
}
|
|
|
|
#[test]
|
|
fn truncate() {
|
|
let (se, sealed) = sealed();
|
|
let res = se.open(AAD, &sealed[0..(sealed.len() - 1)]);
|
|
assert_bad_data(res);
|
|
}
|