// TestCBCEncryptCBCDecrypt_KeyMismatch attempts to decrypt with a different key than the one used for encryption.
func TestCBCEncryptCBCDecrypt_KeyMismatch(t *testing.T) {
// Generate a random key
key := make([]byte, aes.BlockSize)
rand.Reader.Read(key)
// Clone & tamper with the key
wrongKey := make([]byte, aes.BlockSize)
copy(wrongKey, key[:])
wrongKey[0] = key[0] + 1
var ptext = []byte("1234567890ABCDEF")
encrypted, encErr := primitives.CBCEncrypt(key, ptext)
if encErr != nil {
t.Fatalf("Error encrypting '%s': %v", ptext, encErr)
}
decrypted, decErr := primitives.CBCDecrypt(wrongKey, encrypted)
if decErr != nil {
t.Fatalf("Error decrypting '%s': %v", ptext, decErr)
}
if string(ptext[:]) == string(decrypted[:]) {
t.Fatal("Decrypting a ciphertext with a different key than the one used for encrypting it - should not result in the original plaintext.")
}
}
// TestCBCPKCS7EncryptCBCDecrypt_ExpectingCorruptMessage verifies that CBCDecrypt can decrypt the unpadded
// version of the ciphertext, of a message of BlockSize length.
func TestCBCPKCS7EncryptCBCDecrypt_ExpectingCorruptMessage(t *testing.T) {
// One of the purposes of this test is to also document and clarify the expected behavior, i.e., that an extra
// block is appended to the message at the padding stage, as per the spec of PKCS#7 v1.5 [see RFC-2315 p.21]
key := make([]byte, primitives.AESKeyLength)
rand.Reader.Read(key)
// 0123456789ABCDEF
var ptext = []byte("a 16 byte messag")
encrypted, encErr := primitives.CBCPKCS7Encrypt(key, ptext)
if encErr != nil {
t.Fatalf("Error encrypting ptext %v", encErr)
}
decrypted, dErr := primitives.CBCDecrypt(key, encrypted)
if dErr != nil {
t.Fatalf("Error encrypting ptext %v, %v", dErr, decrypted)
}
if string(ptext[:]) != string(decrypted[:aes.BlockSize]) {
t.Log("ptext: ", ptext)
t.Log("decrypted: ", decrypted[:aes.BlockSize])
t.Fatal("Encryption->Decryption with same key should result in original ptext")
}
if !bytes.Equal(decrypted[aes.BlockSize:], bytes.Repeat([]byte{byte(aes.BlockSize)}, aes.BlockSize)) {
t.Fatal("Expected extra block with padding in encrypted ptext", decrypted)
}
}
func TestCBCEncryptCBCDecrypt(t *testing.T) {
// Encrypt with CBCEncrypt and Decrypt with CBCDecrypt
key := make([]byte, 32)
rand.Reader.Read(key)
var msg = []byte("a 16 byte messag")
encrypted, encErr := primitives.CBCEncrypt(key, msg)
if encErr != nil {
t.Fatalf("Error encrypting message %v", encErr)
}
decrypted, dErr := primitives.CBCDecrypt(key, encrypted)
if dErr != nil {
t.Fatalf("Error encrypting message %v", dErr)
}
if string(msg[:]) != string(decrypted[:]) {
t.Fatal("Encryption->Decryption with same key should result in original message")
}
}
func TestCBCPKCS7EncryptCBCDecrypt_ExpectingCorruptMessage(t *testing.T) {
// When encrypting a message that does not need padding, i.e. a message
// whose length is a multiple of the block size, with CBCPKCS7Encrypt, it
// can be decrypted with CBCDecrypt but the returned message is corrupted.
//
// The intend of this test is to document this behaviour for clarity.
//
// The reason is that the section 10.3 Note 2 in #PKCS7 states that
// an extra block is appended to the message for padding. Since this
// extra block is added when using CBCPKCS7Encrypt for encryption,
// CBCDecrypt returns the original message plus this extra block.
//
// Note:
// the same applies for messages of arbitrary length.
key := make([]byte, 32)
rand.Reader.Read(key)
// 0123456789ABCDEF
var msg = []byte("a 16 byte messag")
encrypted, encErr := primitives.CBCPKCS7Encrypt(key, msg)
if encErr != nil {
t.Fatalf("Error encrypting message %v", encErr)
}
decrypted, dErr := primitives.CBCDecrypt(key, encrypted)
if dErr != nil {
t.Fatalf("Error encrypting message %v, %v", dErr, decrypted)
}
if string(msg[:]) != string(decrypted[:aes.BlockSize]) {
t.Log("msg: ", msg)
t.Log("decrypted: ", decrypted[:aes.BlockSize])
t.Fatal("Encryption->Decryption with same key should result in original message")
}
if !bytes.Equal(decrypted[aes.BlockSize:], bytes.Repeat([]byte{byte(aes.BlockSize)}, aes.BlockSize)) {
t.Fatal("Expected extra block with padding in encrypted message", decrypted)
}
}
// TestCBCEncryptCBCDecrypt encrypts with CBCEncrypt and decrypt with CBCDecrypt.
func TestCBCEncryptCBCDecrypt(t *testing.T) {
key := make([]byte, primitives.AESKeyLength)
rand.Reader.Read(key)
// 1234567890123456
var ptext = []byte("a 16 byte messag")
encrypted, encErr := primitives.CBCEncrypt(key, ptext)
if encErr != nil {
t.Fatalf("Error encrypting '%s': %v", ptext, encErr)
}
decrypted, decErr := primitives.CBCDecrypt(key, encrypted)
if decErr != nil {
t.Fatalf("Error decrypting '%s': %v", ptext, decErr)
}
if string(ptext[:]) != string(decrypted[:]) {
t.Fatal("Encryption->Decryption with same key should result in the original plaintext.")
}
}
func TestCBCEncryptCBCDecrypt_KeyMismatch(t *testing.T) {
defer func() {
recover()
}()
key := make([]byte, 32)
rand.Reader.Read(key)
decryptionKey := make([]byte, 32)
copy(decryptionKey, key[:])
decryptionKey[0] = key[0] + 1
var msg = []byte("a message to be encrypted")
encrypted, _ := primitives.CBCEncrypt(key, msg)
decrypted, _ := primitives.CBCDecrypt(decryptionKey, encrypted)
if string(msg[:]) == string(decrypted[:]) {
t.Fatal("Encryption->Decryption with different keys shouldn't return original message")
}
}
