// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/third_party/quiche/src/quic/core/crypto/crypto_secret_boxer.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_random.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_string.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_test.h"
namespace quic {
namespace test {
// Fixture for the CryptoSecretBoxer tests. It adds no state or setup of its
// own beyond what QuicTest provides.
class CryptoSecretBoxerTest : public QuicTest {};
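// Round-trips a message through Box()/Unbox() with a single key, then checks
// that malformed and tampered variants of the box are all rejected.
TEST_F(CryptoSecretBoxerTest, BoxAndUnbox) {
  QuicStringPiece message("hello world");

  CryptoSecretBoxer boxer;
  boxer.SetKeys({QuicString(CryptoSecretBoxer::GetKeySize(), 0x11)});

  const QuicString box = boxer.Box(QuicRandom::GetInstance(), message);

  QuicString storage;
  QuicStringPiece result;
  EXPECT_TRUE(boxer.Unbox(box, &storage, &result));
  EXPECT_EQ(result, message);

  // Length changes at the front of the box, and the empty input.
  EXPECT_FALSE(boxer.Unbox(QuicString(1, 'X') + box, &storage, &result));
  EXPECT_FALSE(boxer.Unbox(box.substr(1, QuicString::npos), &storage, &result));
  EXPECT_FALSE(boxer.Unbox(QuicString(), &storage, &result));

  // Length changes at the back of the box. The original test only altered the
  // front, so a boxer that ignored trailing bytes would have gone unnoticed.
  EXPECT_FALSE(boxer.Unbox(box + QuicString(1, 'X'), &storage, &result));
  EXPECT_FALSE(boxer.Unbox(box.substr(0, box.size() - 1), &storage, &result));

  // High bit of the first byte flipped, length unchanged.
  EXPECT_FALSE(boxer.Unbox(
      QuicString(1, box[0] ^ 0x80) + box.substr(1, QuicString::npos), &storage,
      &result));

  // A single flipped bit must be rejected at every byte position, not just the
  // first one. NOTE(review): this assumes the whole box is integrity-protected
  // by the boxer's cipher; confirm against the CryptoSecretBoxer
  // implementation.
  for (QuicString::size_type i = 0; i < box.size(); ++i) {
    QuicString tampered = box;
    tampered[i] ^= 0x01;
    EXPECT_FALSE(boxer.Unbox(tampered, &storage, &result))
        << "bit flip accepted at byte " << i;
  }
}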
// Returns true if |decoder| accepts a box freshly produced by |encoder|. When
// the box is accepted, the recovered plaintext is also checked against the
// original message.
static bool CanDecode(const CryptoSecretBoxer& decoder,
                      const CryptoSecretBoxer& encoder) {
  QuicStringPiece message("hello world");
  const QuicString boxed = encoder.Box(QuicRandom::GetInstance(), message);

  QuicString storage;
  QuicStringPiece result;
  if (!decoder.Unbox(boxed, &storage, &result)) {
    return false;
  }

  // Being accepted is not enough: the plaintext has to round-trip intact.
  EXPECT_EQ(result, message);
  return true;
}
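// Exercises key rotation: a boxer holding several keys encodes with the first
// one and decodes with any of them, and dropping a key from the list revokes
// boxes made under it.
TEST_F(CryptoSecretBoxerTest, MultipleKeys) {
  QuicString key_11(CryptoSecretBoxer::GetKeySize(), 0x11);
  QuicString key_12(CryptoSecretBoxer::GetKeySize(), 0x12);

  CryptoSecretBoxer boxer_11, boxer_12, boxer;
  boxer_11.SetKeys({key_11});
  boxer_12.SetKeys({key_12});
  boxer.SetKeys({key_12, key_11});

  // Neither single-key boxer can decode the other's tokens.
  EXPECT_FALSE(CanDecode(boxer_11, boxer_12));
  EXPECT_FALSE(CanDecode(boxer_12, boxer_11));

  // |boxer| encodes with the first key, which is key_12.
  EXPECT_TRUE(CanDecode(boxer_12, boxer));
  EXPECT_FALSE(CanDecode(boxer_11, boxer));

  // The boxer with both keys can decode tokens from either single-key boxer.
  EXPECT_TRUE(CanDecode(boxer, boxer_11));
  EXPECT_TRUE(CanDecode(boxer, boxer_12));

  // After we flush key_11 from |boxer|, it can no longer decode tokens from
  // |boxer_11|.
  boxer.SetKeys({key_12});
  EXPECT_FALSE(CanDecode(boxer, boxer_11));

  // Rotation must not break the key that was kept: tokens from |boxer_12|
  // still decode. Without this check, a SetKeys() that dropped every key would
  // also pass the assertion above.
  EXPECT_TRUE(CanDecode(boxer, boxer_12));
}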
} // namespace test
} // namespace quic