// TestAESRelatedUtilFunctions tests various functions commonly used in fabric wrt AES func TestAESRelatedUtilFunctions(t *testing.T) { key, err := GenAESKey() if err != nil { t.Fatalf("Failed generating AES key [%s]", err) } for i := 1; i < 100; i++ { len, err := rand.Int(rand.Reader, big.NewInt(1024)) if err != nil { t.Fatalf("Failed generating AES key [%s]", err) } msg, err := primitives.GetRandomBytes(int(len.Int64()) + 1) if err != nil { t.Fatalf("Failed generating AES key [%s]", err) } ct, err := CBCPKCS7Encrypt(key, msg) if err != nil { t.Fatalf("Failed encrypting [%s]", err) } msg2, err := CBCPKCS7Decrypt(key, ct) if err != nil { t.Fatalf("Failed decrypting [%s]", err) } if 0 != bytes.Compare(msg, msg2) { t.Fatalf("Wrong decryption output [%x][%x]", msg, msg2) } } }
func TestAES256GSMSPIDencryption(t *testing.T) { spi := NewAES256GSMSPI() // Generate Key key, err := spi.GenerateKey() if err != nil { t.Fatalf("Failed generating key [%s]", err) } if key.GetRand() == nil { t.Fatalf("Nil random generator in key.") } // Encrypt sc, err := spi.NewStreamCipherForDecryptionFromKey(key) if err != nil { t.Fatalf("Failed NewStreamCipherForDecryptionFromKey [%s]", err) } _, err = sc.Process(nil) if err == nil { t.Fatalf("Decryption should fail on nil") } _, err = sc.Process([]byte{0, 1, 2}) if err == nil { t.Fatalf("Decryption should fail on invalid ciphertext") } randCt, err := primitives.GetRandomBytes(45) if err != nil { t.Fatalf("Failed generating random bytes [%s]", err) } _, err = sc.Process(randCt) if err == nil { t.Fatalf("Decryption should fail on invalid ciphertext") } }
func (spi *aes256GCMStreamCipherSPIImpl) GenerateKeyAndSerialize() (primitives.SecretKey, []byte, error) { key, err := primitives.GetRandomBytes(32) if err != nil { return nil, nil, err } return &aesSecretKeyImpl{key, rand.Reader}, utils.Clone(key), nil }
func (spi *aes256GCMStreamCipherSPIImpl) GenerateKey() (primitives.SecretKey, error) { key, err := primitives.GetRandomBytes(32) if err != nil { return nil, err } return &aesSecretKeyImpl{key, rand.Reader}, nil }
func (se *queryStateEncryptor) Encrypt(msg []byte) ([]byte, error) { nonce, err := primitives.GetRandomBytes(se.nonceSize) if err != nil { se.node.Errorf("Failed getting randomness [%s].", err.Error()) return nil, err } // Seal will append the output to the first argument; the usage // here appends the ciphertext to the nonce. The final parameter // is any additional data to be authenticated. out := se.gcmEnc.Seal(nonce, nonce, msg, nil) return out, nil }
func TestAES256GSMSPI(t *testing.T) { spi := NewAES256GSMSPI() // Gen Key // Invalid Key keyRaw, err := primitives.GetRandomBytes(45) if err != nil { t.Fatalf("Failed generating random bytes [%s]", err) } key, err := spi.NewSecretKey(rand.Reader, keyRaw) if err == nil { t.Fatalf("Generating key should fail on invalid key length") } key, err = spi.NewSecretKey(rand.Reader, rand.Reader) if err == nil { t.Fatalf("Generating key should fail on invalid key length") } // Valid Key keyRaw, err = primitives.GetRandomBytes(32) if err != nil { t.Fatalf("Failed generating random bytes [%s]", err) } key, err = spi.NewSecretKey(rand.Reader, keyRaw) if err != nil { t.Fatalf("Failed generating key [%s]", err) } if key.GetRand() == nil { t.Fatalf("Nil random generator in key.") } // Serialize, Deserialize keySer, err := spi.SerializeSecretKey(key) if err != nil { t.Fatalf("Failed serializing key [%s]", err) } key, err = spi.DeserializeSecretKey(keySer) if err != nil { t.Fatalf("Failed deserializing key [%s]", err) } if reflect.DeepEqual(key, keyRaw) { t.Fatalf("Deserialization failed to recover the original key [%x][%x]", keyRaw, key) } // Encrypt msg := []byte("Hellow World") sc, err := spi.NewStreamCipherForEncryptionFromKey(key) if err != nil { t.Fatalf("Failed NewStreamCipherForEncryptionFromKey [%s]", err) } ct, err := sc.Process(msg) if err != nil { t.Fatalf("Failed encrypting plaintext [%s]", err) } // Decrypt sc, err = spi.NewStreamCipherForDecryptionFromKey(key) if err != nil { t.Fatalf("Failed NewStreamCipherForDecryptionFromKey [%s]", err) } msg2, err := sc.Process(ct) if err != nil { t.Fatalf("Failed decrypting ciphertext [%s]", err) } // Test msg2 is equal to msg if !reflect.DeepEqual(msg2, msg) { t.Fatalf("Failed decrypting the right value [%x][%x]", msg, msg2) } sc, err = spi.NewStreamCipherForDecryptionFromSerializedKey(keySer) if err != nil { t.Fatalf("Failed NewStreamCipherForDecryptionFromSerializedKey [%s]", err) } msg2, err = sc.Process(ct) if err != nil { t.Fatalf("Failed decrypting ciphertext [%s]", err) } // Test msg2 is equal to msg if !reflect.DeepEqual(msg2, msg) { t.Fatalf("Failed decrypting the right value [%x][%x]", msg, msg2) } }
func (sc *aes256GCMStreamCipherImpl) generateNonce() ([]byte, error) { return primitives.GetRandomBytes(sc.nonceSize) }
// GenAESKey returns a random AES key of length AESKeyLength func GenAESKey() ([]byte, error) { return primitives.GetRandomBytes(AESKeyLength) }