[go: up one dir, main page]

botan 0.9.1

Rust wrapper for Botan cryptography library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

#[test]
fn wycheproof_aead_gcm_tests() -> Result<(), botan::Error> {
    wycheproof_aead_test(wycheproof::aead::TestName::AesGcm, |ks: usize| {
        format!("AES-{ks}/GCM")
    })
}

#[test]
fn wycheproof_aead_eax_tests() -> Result<(), botan::Error> {
    wycheproof_aead_test(wycheproof::aead::TestName::AesEax, |ks: usize| {
        format!("AES-{ks}/EAX")
    })
}

#[test]
fn wycheproof_aead_siv_tests() -> Result<(), botan::Error> {
    wycheproof_aead_test(wycheproof::aead::TestName::AesSivCmac, |ks: usize| {
        format!("AES-{}/SIV", ks / 2)
    })
}

#[test]
fn wycheproof_aead_chacha20poly1305_tests() -> Result<(), botan::Error> {
    wycheproof_aead_test(
        wycheproof::aead::TestName::ChaCha20Poly1305,
        |_ks: usize| "ChaCha20Poly1305".to_string(),
    )
}

#[test]
fn wycheproof_aead_xchacha20poly1305_tests() -> Result<(), botan::Error> {
    wycheproof_aead_test(
        wycheproof::aead::TestName::XChaCha20Poly1305,
        |_ks: usize| "ChaCha20Poly1305".to_string(),
    )
}

fn wycheproof_aead_test(
    test_set_name: wycheproof::aead::TestName,
    botan_cipher_name: impl Fn(usize) -> String,
) -> Result<(), botan::Error> {
    let test_set = wycheproof::aead::TestSet::load(test_set_name).unwrap();

    for test_group in test_set.test_groups {
        let cipher_name = botan_cipher_name(test_group.key_size);

        let tag_first = cipher_name.contains("/SIV");

        for test in &test_group.tests {
            // Cipher object must be created each time to avoid a bug in EAX encryption
            let mut cipher = botan::Cipher::new(&cipher_name, botan::CipherDirection::Encrypt)?;

            cipher.set_key(&test.key).unwrap();
            cipher.set_associated_data(&test.aad).unwrap();

            if test.result == wycheproof::TestResult::Invalid
                && test
                    .flags
                    .contains(&wycheproof::aead::TestFlag::ZeroLengthIv)
            {
                assert!(cipher.process(&test.nonce, &test.pt).is_err());
                continue;
            }

            if !cipher.valid_nonce_length(test.nonce.len())? {
                assert!(test.result.must_fail());
                continue;
            }

            let ctext = cipher.process(&test.nonce, &test.pt).unwrap();

            let expected_ctext = if tag_first {
                format!("{}{}", hex::encode(&test.tag), hex::encode(&test.ct))
            } else {
                format!("{}{}", hex::encode(&test.ct), hex::encode(&test.tag))
            };

            if test.result.must_fail() {
                assert_ne!(hex::encode(ctext), expected_ctext);
            } else {
                assert_eq!(hex::encode(ctext), expected_ctext);
            }
        }

        for test in &test_group.tests {
            let mut cipher =
                botan::Cipher::new(&cipher_name, botan::CipherDirection::Decrypt).unwrap();

            cipher.set_key(&test.key).unwrap();
            cipher.set_associated_data(&test.aad).unwrap();

            if test.result == wycheproof::TestResult::Invalid
                && test
                    .flags
                    .contains(&wycheproof::aead::TestFlag::ZeroLengthIv)
            {
                assert!(cipher.process(&test.nonce, &test.pt).is_err());
                continue;
            }

            let ct_and_tag = if tag_first {
                let mut tag_and_ct = test.tag.clone();
                tag_and_ct.extend_from_slice(&test.ct);
                tag_and_ct
            } else {
                let mut ct_and_tag = test.ct.clone();
                ct_and_tag.extend_from_slice(&test.tag);
                ct_and_tag
            };

            match cipher.process(&test.nonce, &ct_and_tag) {
                Ok(ptext) => {
                    assert!(!test.result.must_fail());
                    assert_eq!(hex::encode(ptext), hex::encode(&test.pt));
                }
                Err(_) => {
                    assert!(test.result.must_fail());
                }
            }
        }
    }

    Ok(())
}