File: HPKETests.swift

package info (click to toggle)
swiftlang 6.0.3-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,519,992 kB
  • sloc: cpp: 9,107,863; ansic: 2,040,022; asm: 1,135,751; python: 296,500; objc: 82,456; f90: 60,502; lisp: 34,951; pascal: 19,946; sh: 18,133; perl: 7,482; ml: 4,937; javascript: 4,117; makefile: 3,840; awk: 3,535; xml: 914; fortran: 619; cs: 573; ruby: 573
file content (108 lines) | stat: -rw-r--r-- 5,163 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
//===----------------------------------------------------------------------===//
//
// This source file is part of the SwiftCrypto open source project
//
// Copyright (c) 2019-2020 Apple Inc. and the SwiftCrypto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.md for the list of SwiftCrypto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//
import Foundation
import XCTest

#if CRYPTO_IN_SWIFTPM && !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
// Skip tests that require @testable imports of CryptoKit.
#else
#if !CRYPTO_IN_SWIFTPM_FORCE_BUILD_API
@testable import CryptoKit
#else
@testable import Crypto
#endif

class HPKETests: XCTestCase {
    func testCases() throws {
        let ciphersuitesToTest = [HPKE.Ciphersuite.P256_SHA256_AES_GCM_256, .P384_SHA384_AES_GCM_256, .P521_SHA512_AES_GCM_256, .Curve25519_SHA256_ChachaPoly]
        
        for ciphersuite in ciphersuitesToTest {
            try testCiphersuite(ciphersuite)
        }
    }
    
    func testMismatchedKEM() {
        let skR = P256.KeyAgreement.PrivateKey()
        XCTAssertThrowsError(try HPKE.Sender(recipientKey: skR.publicKey, ciphersuite: .P384_SHA384_AES_GCM_256, info: Data()))
    }
        
    func testCiphersuite(_ ciphersuite: HPKE.Ciphersuite) throws {
        switch ciphersuite.kem {
        case .P256_HKDF_SHA256:
            try testCiphersuite(ciphersuite, withKeys: P256.KeyAgreement.PrivateKey.self)
        case .P384_HKDF_SHA384:
            try testCiphersuite(ciphersuite, withKeys: P384.KeyAgreement.PrivateKey.self)
        case .P521_HKDF_SHA512:
            try testCiphersuite(ciphersuite, withKeys: P521.KeyAgreement.PrivateKey.self)
        case .Curve25519_HKDF_SHA256:
            try testCiphersuite(ciphersuite, withKeys: Curve25519.KeyAgreement.PrivateKey.self)
        }
        
    }
    
    func testCiphersuite<SK: HPKEDiffieHellmanPrivateKey>(_ c: HPKE.Ciphersuite, withKeys: SK.Type) throws {
        let skS = SK.PublicKey.EphemeralPrivateKey()
        let skR = SK.PublicKey.EphemeralPrivateKey()
        let info = Data("Some Test Data".utf8)
        
        let psk = SymmetricKey(size: .bits256)
        let pskID = Data(SHA256.hash(data: info))
        
        // Testing base mode
        var sender = try HPKE.Sender(recipientKey: skR.publicKey, ciphersuite: c, info: info)
        var recipient = try HPKE.Recipient(privateKey: skR, ciphersuite: c, info: info, encapsulatedKey: sender.encapsulatedKey)
        XCTAssertNoThrow(try testSenderRecipient(sender: &sender, recipient: &recipient))
        
        // Testing auth mode
        sender = try HPKE.Sender(recipientKey: skR.publicKey, ciphersuite: c, info: info, authenticatedBy: skS)
        recipient = try HPKE.Recipient(privateKey: skR, ciphersuite: c, info: info, encapsulatedKey: sender.encapsulatedKey, authenticatedBy: skS.publicKey)
        XCTAssertNoThrow(try testSenderRecipient(sender: &sender, recipient: &recipient))
        
        // Testing psk mode
        sender = try HPKE.Sender(recipientKey: skR.publicKey, ciphersuite: c, info: info, presharedKey: psk, presharedKeyIdentifier: pskID)
        recipient = try HPKE.Recipient(privateKey: skR, ciphersuite: c, info: info, encapsulatedKey: sender.encapsulatedKey, presharedKey: psk, presharedKeyIdentifier: pskID)
        XCTAssertNoThrow(try testSenderRecipient(sender: &sender, recipient: &recipient))
        
        // Testing auth_psk mod
        sender = try HPKE.Sender(recipientKey: skR.publicKey, ciphersuite: c, info: info, authenticatedBy: skS, presharedKey: psk, presharedKeyIdentifier: pskID)
        recipient = try HPKE.Recipient(privateKey: skR, ciphersuite: c, info: info, encapsulatedKey: sender.encapsulatedKey, authenticatedBy: skS.publicKey, presharedKey: psk, presharedKeyIdentifier: pskID)
        XCTAssertNoThrow(try testSenderRecipient(sender: &sender, recipient: &recipient))
    }
    
    func testSenderRecipient(sender: inout HPKE.Sender, recipient: inout HPKE.Recipient) throws {
        let msg = Data("Some Other Data".utf8)
        let aad = Data("Some Authenticated Data".utf8)
        XCTAssertEqual(sender.exporterSecret, recipient.exporterSecret)
        
        for _ in 0...100 {
            let ct = try sender.seal(msg, authenticating: msg)
            let pt = try recipient.open(ct, authenticating: msg)
            XCTAssertEqual(pt, msg)
        }
        
        var ct = try sender.seal(msg, authenticating: aad)
        XCTAssertEqual(try recipient.open(ct, authenticating: aad), msg)
        XCTAssertThrowsError(try recipient.open(ct, authenticating: aad))
        
        ct = try sender.seal(msg, authenticating: aad)
        XCTAssertEqual(try recipient.open(ct, authenticating: aad), msg)
        
        let aad2 = Data("inconsistentAAD".utf8)
        ct = try sender.seal(msg, authenticating: aad2)
        XCTAssertThrowsError(try recipient.open(ct, authenticating: aad))
        XCTAssertEqual(try recipient.open(ct, authenticating: aad2), msg)
    }
}

#endif // CRYPTO_IN_SWIFTPM