// TestAESRelatedUtilFunctions tests various functions commonly used in fabric wrt AES
func TestAESRelatedUtilFunctions(t *testing.T) {
key, err := GenAESKey()
if err != nil {
t.Fatalf("Failed generating AES key [%s]", err)
}
for i := 1; i < 100; i++ {
len, err := rand.Int(rand.Reader, big.NewInt(1024))
if err != nil {
t.Fatalf("Failed generating AES key [%s]", err)
}
msg, err := primitives.GetRandomBytes(int(len.Int64()) + 1)
if err != nil {
t.Fatalf("Failed generating AES key [%s]", err)
}
ct, err := CBCPKCS7Encrypt(key, msg)
if err != nil {
t.Fatalf("Failed encrypting [%s]", err)
}
msg2, err := CBCPKCS7Decrypt(key, ct)
if err != nil {
t.Fatalf("Failed decrypting [%s]", err)
}
if 0 != bytes.Compare(msg, msg2) {
t.Fatalf("Wrong decryption output [%x][%x]", msg, msg2)
}
}
}
func TestAES256GSMSPIDencryption(t *testing.T) {
spi := NewAES256GSMSPI()
// Generate Key
key, err := spi.GenerateKey()
if err != nil {
t.Fatalf("Failed generating key [%s]", err)
}
if key.GetRand() == nil {
t.Fatalf("Nil random generator in key.")
}
// Encrypt
sc, err := spi.NewStreamCipherForDecryptionFromKey(key)
if err != nil {
t.Fatalf("Failed NewStreamCipherForDecryptionFromKey [%s]", err)
}
_, err = sc.Process(nil)
if err == nil {
t.Fatalf("Decryption should fail on nil")
}
_, err = sc.Process([]byte{0, 1, 2})
if err == nil {
t.Fatalf("Decryption should fail on invalid ciphertext")
}
randCt, err := primitives.GetRandomBytes(45)
if err != nil {
t.Fatalf("Failed generating random bytes [%s]", err)
}
_, err = sc.Process(randCt)
if err == nil {
t.Fatalf("Decryption should fail on invalid ciphertext")
}
}
func (spi *aes256GCMStreamCipherSPIImpl) GenerateKeyAndSerialize() (primitives.SecretKey, []byte, error) {
key, err := primitives.GetRandomBytes(32)
if err != nil {
return nil, nil, err
}
return &aesSecretKeyImpl{key, rand.Reader}, utils.Clone(key), nil
}
func (spi *aes256GCMStreamCipherSPIImpl) GenerateKey() (primitives.SecretKey, error) {
key, err := primitives.GetRandomBytes(32)
if err != nil {
return nil, err
}
return &aesSecretKeyImpl{key, rand.Reader}, nil
}
func (se *queryStateEncryptor) Encrypt(msg []byte) ([]byte, error) {
nonce, err := primitives.GetRandomBytes(se.nonceSize)
if err != nil {
se.node.Errorf("Failed getting randomness [%s].", err.Error())
return nil, err
}
// Seal will append the output to the first argument; the usage
// here appends the ciphertext to the nonce. The final parameter
// is any additional data to be authenticated.
out := se.gcmEnc.Seal(nonce, nonce, msg, nil)
return out, nil
}
func TestAES256GSMSPI(t *testing.T) {
spi := NewAES256GSMSPI()
// Gen Key
// Invalid Key
keyRaw, err := primitives.GetRandomBytes(45)
if err != nil {
t.Fatalf("Failed generating random bytes [%s]", err)
}
key, err := spi.NewSecretKey(rand.Reader, keyRaw)
if err == nil {
t.Fatalf("Generating key should fail on invalid key length")
}
key, err = spi.NewSecretKey(rand.Reader, rand.Reader)
if err == nil {
t.Fatalf("Generating key should fail on invalid key length")
}
// Valid Key
keyRaw, err = primitives.GetRandomBytes(32)
if err != nil {
t.Fatalf("Failed generating random bytes [%s]", err)
}
key, err = spi.NewSecretKey(rand.Reader, keyRaw)
if err != nil {
t.Fatalf("Failed generating key [%s]", err)
}
if key.GetRand() == nil {
t.Fatalf("Nil random generator in key.")
}
// Serialize, Deserialize
keySer, err := spi.SerializeSecretKey(key)
if err != nil {
t.Fatalf("Failed serializing key [%s]", err)
}
key, err = spi.DeserializeSecretKey(keySer)
if err != nil {
t.Fatalf("Failed deserializing key [%s]", err)
}
if reflect.DeepEqual(key, keyRaw) {
t.Fatalf("Deserialization failed to recover the original key [%x][%x]", keyRaw, key)
}
// Encrypt
msg := []byte("Hellow World")
sc, err := spi.NewStreamCipherForEncryptionFromKey(key)
if err != nil {
t.Fatalf("Failed NewStreamCipherForEncryptionFromKey [%s]", err)
}
ct, err := sc.Process(msg)
if err != nil {
t.Fatalf("Failed encrypting plaintext [%s]", err)
}
// Decrypt
sc, err = spi.NewStreamCipherForDecryptionFromKey(key)
if err != nil {
t.Fatalf("Failed NewStreamCipherForDecryptionFromKey [%s]", err)
}
msg2, err := sc.Process(ct)
if err != nil {
t.Fatalf("Failed decrypting ciphertext [%s]", err)
}
// Test msg2 is equal to msg
if !reflect.DeepEqual(msg2, msg) {
t.Fatalf("Failed decrypting the right value [%x][%x]", msg, msg2)
}
sc, err = spi.NewStreamCipherForDecryptionFromSerializedKey(keySer)
if err != nil {
t.Fatalf("Failed NewStreamCipherForDecryptionFromSerializedKey [%s]", err)
}
msg2, err = sc.Process(ct)
if err != nil {
t.Fatalf("Failed decrypting ciphertext [%s]", err)
}
// Test msg2 is equal to msg
if !reflect.DeepEqual(msg2, msg) {
t.Fatalf("Failed decrypting the right value [%x][%x]", msg, msg2)
}
}
func (sc *aes256GCMStreamCipherImpl) generateNonce() ([]byte, error) {
return primitives.GetRandomBytes(sc.nonceSize)
}
// GenAESKey returns a random AES key of length AESKeyLength
func GenAESKey() ([]byte, error) {
return primitives.GetRandomBytes(AESKeyLength)
}