From ae277dd000254c2df9f6cc51dbb70dff1ea55aa2 Mon Sep 17 00:00:00 2001 From: Sree Kuchibhotla Date: Wed, 7 Mar 2018 14:35:36 -0800 Subject: Revert "Add ALTS C stack to gRPC core" --- test/core/tsi/BUILD | 2 +- test/core/tsi/alts/crypt/BUILD | 38 - test/core/tsi/alts/crypt/aes_gcm_test.cc | 2105 -------------------- test/core/tsi/alts/crypt/gsec_test_util.cc | 87 - test/core/tsi/alts/crypt/gsec_test_util.h | 91 - test/core/tsi/alts/frame_protector/BUILD | 60 - .../tsi/alts/frame_protector/alts_counter_test.cc | 180 -- .../tsi/alts/frame_protector/alts_crypter_test.cc | 493 ----- .../frame_protector/alts_frame_protector_test.cc | 394 ---- .../tsi/alts/frame_protector/frame_handler_test.cc | 244 --- test/core/tsi/alts/handshaker/BUILD | 78 - .../alts/handshaker/alts_handshaker_client_test.cc | 412 ---- .../handshaker/alts_handshaker_service_api_test.cc | 149 -- .../alts_handshaker_service_api_test_lib.cc | 642 ------ .../alts_handshaker_service_api_test_lib.h | 143 -- .../alts/handshaker/alts_tsi_handshaker_test.cc | 682 ------- .../tsi/alts/handshaker/alts_tsi_utils_test.cc | 73 - .../transport_security_common_api_test.cc | 196 -- test/core/tsi/alts/zero_copy_frame_protector/BUILD | 49 - .../alts_grpc_record_protocol_test.cc | 449 ----- .../alts_iovec_record_protocol_test.cc | 928 --------- .../alts_zero_copy_grpc_protector_test.cc | 289 --- test/core/tsi/fake_transport_security_test.cc | 2 +- test/core/tsi/ssl_transport_security_test.cc | 2 +- test/core/tsi/transport_security_test_lib.cc | 224 +-- test/core/tsi/transport_security_test_lib.h | 89 +- 26 files changed, 94 insertions(+), 8007 deletions(-) delete mode 100644 test/core/tsi/alts/crypt/BUILD delete mode 100644 test/core/tsi/alts/crypt/aes_gcm_test.cc delete mode 100644 test/core/tsi/alts/crypt/gsec_test_util.cc delete mode 100644 test/core/tsi/alts/crypt/gsec_test_util.h delete mode 100644 test/core/tsi/alts/frame_protector/BUILD delete mode 100644 test/core/tsi/alts/frame_protector/alts_counter_test.cc delete mode 100644 test/core/tsi/alts/frame_protector/alts_crypter_test.cc delete mode 100644 test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc delete mode 100644 test/core/tsi/alts/frame_protector/frame_handler_test.cc delete mode 100644 test/core/tsi/alts/handshaker/BUILD delete mode 100644 test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc delete mode 100644 test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc delete mode 100644 test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc delete mode 100644 test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h delete mode 100644 test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc delete mode 100644 test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc delete mode 100644 test/core/tsi/alts/handshaker/transport_security_common_api_test.cc delete mode 100644 test/core/tsi/alts/zero_copy_frame_protector/BUILD delete mode 100644 test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc delete mode 100644 test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc delete mode 100644 test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc (limited to 'test/core/tsi') diff --git a/test/core/tsi/BUILD b/test/core/tsi/BUILD index 8ac3e7687c..e28c0b5f84 100644 --- a/test/core/tsi/BUILD +++ b/test/core/tsi/BUILD @@ -16,7 +16,7 @@ load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_c licenses(["notice"]) # Apache v2 -grpc_package(name = "test/core/tsi", visibility = "public") +grpc_package(name = "test/core/tsi") grpc_cc_library( name = "transport_security_test_lib", diff --git a/test/core/tsi/alts/crypt/BUILD b/test/core/tsi/alts/crypt/BUILD deleted file mode 100644 index 0057d7f6e6..0000000000 --- a/test/core/tsi/alts/crypt/BUILD +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2018 gRPC authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package") - -licenses(["notice"]) # Apache v2 - -grpc_package(name = "crypt", visibility = "public") - -grpc_cc_library( - name = "alts_crypt_test_util", - srcs = ["gsec_test_util.cc"], - hdrs = ["gsec_test_util.h"], - deps = [ - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_crypt_test", - srcs = ["aes_gcm_test.cc"], - language = "C++", - deps = [ - ":alts_crypt_test_util", - "//:grpc", - ], -) diff --git a/test/core/tsi/alts/crypt/aes_gcm_test.cc b/test/core/tsi/alts/crypt/aes_gcm_test.cc deleted file mode 100644 index 576dd8f27b..0000000000 --- a/test/core/tsi/alts/crypt/aes_gcm_test.cc +++ /dev/null @@ -1,2105 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "src/core/tsi/alts/crypt/gsec.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -#include -#include - -const size_t kTestMinTagLengthForCorruption = 8; -const size_t kTestNumCrypters = 3; -const size_t kTestMaxSlices = 5; -const size_t kTestMaxLength = 1024; -const size_t kTestNumEncryptions = 100; - -/* Struct for pre-generated test vector */ -typedef struct gsec_aead_test_vector { - uint8_t* nonce; - uint8_t* aad; - uint8_t* key; - uint8_t* plaintext; - uint8_t* ciphertext_and_tag; - size_t nonce_length; - size_t aad_length; - size_t key_length; - size_t plaintext_length; - size_t ciphertext_and_tag_length; -} gsec_aead_test_vector; - -static void gsec_randomly_slice(uint8_t* input, size_t input_length, - struct iovec** output, size_t* output_length) { - if (input_length == 0) { - *output = nullptr; - *output_length = 0; - return; - } - *output_length = gsec_test_bias_random_uint32(kTestMaxSlices) + 1; - *output = - static_cast(malloc(*output_length * sizeof(**output))); - size_t i; - for (i = 0; i < *output_length - 1; i++) { - size_t slice_length = - gsec_test_bias_random_uint32(static_cast(input_length)); - struct iovec slice = {input, slice_length}; - (*output)[i] = slice; - input += slice_length; - input_length -= slice_length; - } - struct iovec slice = {input, input_length}; - (*output)[*output_length - 1] = slice; -} - -static void gsec_assert_ok(grpc_status_code status, const char* error_detail) { - char empty_string[] = ""; - if (error_detail == nullptr) { - error_detail = empty_string; - } - if (status != GRPC_STATUS_OK) { - fprintf(stderr, "Status is not ok: %s\n", error_detail); - } - GPR_ASSERT(status == GRPC_STATUS_OK); -} - -static void gsec_test_random_encrypt_decrypt(gsec_aead_crypter* crypter, - size_t aad_length, - size_t message_length) { - GPR_ASSERT(crypter != nullptr); - size_t nonce_length, tag_length; - uint8_t *nonce, *aad, *message; - gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr); - gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr); - - gsec_test_random_array(&nonce, nonce_length); - gsec_test_random_array(&aad, aad_length); - gsec_test_random_array(&message, message_length); - - /* Test encryption */ - size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, message_length, &ciphertext_and_tag_length, nullptr); - - uint8_t* ciphertext_and_tag = - static_cast(gpr_malloc(ciphertext_and_tag_length)); - - char* error_buffer = nullptr; - gsec_assert_ok( - gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, aad, aad_length, - message, message_length, ciphertext_and_tag, - ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_buffer), - error_buffer); - GPR_ASSERT(message_length + tag_length == ciphertext_and_tag_length); - GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length); - - /* Test decryption */ - size_t plaintext_length, plaintext_bytes_written = 0; - gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_bytes_written, - &plaintext_length, nullptr); - uint8_t* plaintext = static_cast(gpr_malloc(plaintext_length)); - grpc_status_code status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag, - ciphertext_bytes_written, plaintext, plaintext_length, - &plaintext_bytes_written, nullptr); - - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(message_length == plaintext_bytes_written); - GPR_ASSERT(memcmp(message, plaintext, message_length) == 0); - - /** - * The returned plaintext will be zeroed if there was an authentication error. - */ - uint8_t* zero_message = static_cast(gpr_zalloc(plaintext_length)); - if (tag_length >= kTestMinTagLengthForCorruption) { - char* error_message; - /* Corrupt nonce */ - if (nonce_length > 0) { - plaintext_bytes_written = 0; - uint8_t* corrupt_nonce; - gsec_test_copy_and_alter_random_byte(nonce, &corrupt_nonce, nonce_length); - status = gsec_aead_crypter_decrypt( - crypter, corrupt_nonce, nonce_length, aad, aad_length, - ciphertext_and_tag, ciphertext_bytes_written, plaintext, - plaintext_length, &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, "Checking tag failed.", - error_message)); - GPR_ASSERT(plaintext_bytes_written == 0); - GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0); - gpr_free(corrupt_nonce); - gpr_free(error_message); - } - - /* Corrupt ciphertext_and_tag */ - plaintext_bytes_written = 0; - uint8_t* corrupt_ciphertext_and_tag; - gsec_test_copy_and_alter_random_byte(ciphertext_and_tag, - &corrupt_ciphertext_and_tag, - ciphertext_and_tag_length); - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, - corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext, - plaintext_length, &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(plaintext_bytes_written == 0); - GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0); - gpr_free(error_message); - gpr_free(corrupt_ciphertext_and_tag); - - /* Corrupt start of ciphertext_and_tag */ - plaintext_bytes_written = 0; - gsec_test_copy(ciphertext_and_tag, &corrupt_ciphertext_and_tag, - ciphertext_and_tag_length); - (*corrupt_ciphertext_and_tag)++; - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, - corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext, - plaintext_length, &plaintext_bytes_written, &error_message); - GPR_ASSERT(plaintext_bytes_written == 0); - GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - gpr_free(error_message); - gpr_free(corrupt_ciphertext_and_tag); - - /* Corrupt end of ciphertext_and_tag */ - plaintext_bytes_written = 0; - gsec_test_copy(ciphertext_and_tag, &corrupt_ciphertext_and_tag, - ciphertext_and_tag_length); - (*(corrupt_ciphertext_and_tag + ciphertext_and_tag_length - 1))++; - - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, - corrupt_ciphertext_and_tag, ciphertext_bytes_written, plaintext, - plaintext_length, &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(plaintext_bytes_written == 0); - GPR_ASSERT(memcmp(zero_message, plaintext, plaintext_length) == 0); - gpr_free(error_message); - gpr_free(corrupt_ciphertext_and_tag); - } - - gpr_free(zero_message); - gpr_free(nonce); - gpr_free(aad); - gpr_free(message); - gpr_free(plaintext); - gpr_free(ciphertext_and_tag); -} - -static void gsec_test_encrypt_decrypt(gsec_aead_crypter* crypter) { - GPR_ASSERT(crypter != nullptr); - size_t aad_length, message_length; - aad_length = gsec_test_bias_random_uint32(kTestMaxLength); - message_length = gsec_test_bias_random_uint32(kTestMaxLength); - gsec_test_random_encrypt_decrypt(crypter, aad_length, message_length); - gsec_test_random_encrypt_decrypt(crypter, 0, message_length); - gsec_test_random_encrypt_decrypt(crypter, aad_length, 0); -} - -static void gsec_test_multiple_random_encrypt_decrypt( - gsec_aead_crypter* crypter, size_t* aad_lengths, size_t* message_lengths, - size_t count) { - GPR_ASSERT(crypter != nullptr); - size_t nonce_length, tag_length; - uint8_t **nonces, **aads, **messages; - nonces = static_cast(gpr_malloc(sizeof(uint8_t*) * count)); - aads = static_cast(gpr_malloc(sizeof(uint8_t*) * count)); - messages = static_cast(gpr_malloc(sizeof(uint8_t*) * count)); - - gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr); - gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr); - - size_t ind; - for (ind = 0; ind < count; ind++) { - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - gsec_test_random_array(&(nonces[ind]), nonce_length); - gsec_test_random_array(&(aads[ind]), aad_length); - gsec_test_random_array(&(messages[ind]), message_length); - } - - size_t* ciphertext_and_tag_lengths = - static_cast(gpr_malloc(sizeof(size_t) * count)); - size_t* ciphertext_bytes_writtens = - static_cast(gpr_malloc(sizeof(size_t) * count)); - size_t* plaintext_lengths = - static_cast(gpr_malloc(sizeof(size_t) * count)); - size_t* plaintext_bytes_writtens = - static_cast(gpr_malloc(sizeof(size_t) * count)); - uint8_t** ciphertext_and_tags = - static_cast(gpr_malloc(sizeof(uint8_t*) * count)); - uint8_t** plaintexts = - static_cast(gpr_malloc(sizeof(uint8_t*) * count)); - - /* Do encryption */ - for (ind = 0; ind < count; ind++) { - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, message_length, &(ciphertext_and_tag_lengths[ind]), nullptr); - ciphertext_and_tags[ind] = - static_cast(gpr_malloc(ciphertext_and_tag_lengths[ind])); - grpc_status_code status = gsec_aead_crypter_encrypt( - crypter, nonces[ind], nonce_length, aads[ind], aad_length, - messages[ind], message_length, ciphertext_and_tags[ind], - ciphertext_and_tag_lengths[ind], &(ciphertext_bytes_writtens[ind]), - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(message_length + tag_length == ciphertext_and_tag_lengths[ind]); - GPR_ASSERT(ciphertext_bytes_writtens[ind] == - ciphertext_and_tag_lengths[ind]); - } - /* Do Decryption */ - for (ind = 0; ind < count; ind++) { - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - gsec_aead_crypter_max_plaintext_length(crypter, - ciphertext_bytes_writtens[ind], - &(plaintext_lengths[ind]), nullptr); - plaintexts[ind] = static_cast(gpr_malloc(plaintext_lengths[ind])); - grpc_status_code status = gsec_aead_crypter_decrypt( - crypter, nonces[ind], nonce_length, aads[ind], aad_length, - ciphertext_and_tags[ind], ciphertext_bytes_writtens[ind], - plaintexts[ind], plaintext_lengths[ind], - &(plaintext_bytes_writtens[ind]), nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(message_length == plaintext_bytes_writtens[ind]); - GPR_ASSERT(memcmp(messages[ind], plaintexts[ind], message_length) == 0); - } - - /* Slice the plaintext and encrypt with iovecs */ - for (ind = 0; ind < count; ind++) { - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - struct iovec* aad_vecs = nullptr; - size_t aad_vecs_length = 0; - gsec_randomly_slice(aads[ind], aad_length, &aad_vecs, &aad_vecs_length); - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - struct iovec* message_vecs = nullptr; - size_t message_vecs_length = 0; - gsec_randomly_slice(messages[ind], message_length, &message_vecs, - &message_vecs_length); - - size_t ciphertext_length = ciphertext_and_tag_lengths[ind]; - uint8_t* another_ciphertext = - static_cast(malloc(ciphertext_length)); - struct iovec another_ciphertext_vec = {another_ciphertext, - ciphertext_length}; - - char* error_details = nullptr; - size_t ciphertext_bytes_written = 0; - gsec_assert_ok( - gsec_aead_crypter_encrypt_iovec( - crypter, nonces[ind], nonce_length, aad_vecs, aad_vecs_length, - message_vecs, message_vecs_length, another_ciphertext_vec, - &ciphertext_bytes_written, &error_details), - error_details); - GPR_ASSERT(memcmp(ciphertext_and_tags[ind], another_ciphertext_vec.iov_base, - ciphertext_length) == 0); - free(another_ciphertext); - free(aad_vecs); - free(message_vecs); - } - - /* Slice the ciphertext and decrypt with iovecs */ - for (ind = 0; ind < count; ind++) { - size_t message_length = - (message_lengths == nullptr) ? 0 : message_lengths[ind]; - message_length = message_length + 0; - - size_t aad_length = (aad_lengths == nullptr) ? 0 : aad_lengths[ind]; - - struct iovec* aad_vecs = nullptr; - size_t aad_vecs_length = 0; - gsec_randomly_slice(aads[ind], aad_length, &aad_vecs, &aad_vecs_length); - - struct iovec* ciphertext_vecs = nullptr; - size_t ciphertext_vecs_length = 0; - gsec_randomly_slice(ciphertext_and_tags[ind], - ciphertext_bytes_writtens[ind], &ciphertext_vecs, - &ciphertext_vecs_length); - - size_t decrypted_length = plaintext_lengths[ind]; - uint8_t* decrypted = static_cast(malloc(decrypted_length)); - struct iovec decrypted_vec = {decrypted, decrypted_length}; - - char* error_details = nullptr; - gsec_assert_ok(gsec_aead_crypter_decrypt_iovec( - crypter, nonces[ind], nonce_length, aad_vecs, - aad_vecs_length, ciphertext_vecs, ciphertext_vecs_length, - decrypted_vec, &decrypted_length, &error_details), - error_details); - GPR_ASSERT(decrypted_vec.iov_len == message_length); - GPR_ASSERT(memcmp(decrypted_vec.iov_base, messages[ind], message_length) == - 0); - free(decrypted); - free(aad_vecs); - free(ciphertext_vecs); - } - - for (ind = 0; ind < count; ind++) { - gpr_free(nonces[ind]); - gpr_free(aads[ind]); - gpr_free(messages[ind]); - gpr_free(ciphertext_and_tags[ind]); - gpr_free(plaintexts[ind]); - } - gpr_free(nonces); - gpr_free(aads); - gpr_free(messages); - gpr_free(ciphertext_and_tag_lengths); - gpr_free(ciphertext_bytes_writtens); - gpr_free(plaintext_lengths); - gpr_free(plaintext_bytes_writtens); - gpr_free(ciphertext_and_tags); - gpr_free(plaintexts); -} - -static void gsec_test_multiple_encrypt_decrypt(gsec_aead_crypter* crypter) { - GPR_ASSERT(crypter != nullptr); - size_t count = kTestNumEncryptions; - size_t* aad_lengths = - static_cast(gpr_malloc(sizeof(size_t) * count)); - size_t* message_lengths = - static_cast(gpr_malloc(sizeof(size_t) * count)); - size_t ind; - for (ind = 0; ind < count; ind++) { - aad_lengths[ind] = gsec_test_bias_random_uint32(kTestMaxLength); - message_lengths[ind] = gsec_test_bias_random_uint32(kTestMaxLength); - } - gsec_test_multiple_random_encrypt_decrypt(crypter, aad_lengths, - message_lengths, count); - gsec_test_multiple_random_encrypt_decrypt(crypter, aad_lengths, nullptr, - count); - gsec_test_multiple_random_encrypt_decrypt(crypter, nullptr, message_lengths, - count); - gpr_free(aad_lengths); - gpr_free(message_lengths); -} - -static void gsec_test_encryption_failure(gsec_aead_crypter* crypter) { - GPR_ASSERT(crypter != nullptr); - size_t aad_length = kTestMaxLength; - size_t message_length = kTestMaxLength; - size_t nonce_length; - - char* error_message; - uint8_t *nonce, *aad, *message; - - gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr); - gsec_test_random_array(&nonce, nonce_length); - gsec_test_random_array(&aad, aad_length); - gsec_test_random_array(&message, message_length); - - size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, message_length, &ciphertext_and_tag_length, nullptr); - uint8_t* ciphertext_and_tag = - static_cast(gpr_malloc(ciphertext_and_tag_length)); - - /* nullptr nonce */ - grpc_status_code status = gsec_aead_crypter_encrypt( - crypter, nullptr, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer is nullptr.")); - gpr_free(error_message); - - /* Big nonce */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length + 1, aad, aad_length, message, - message_length, ciphertext_and_tag, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer has the wrong length.")); - gpr_free(error_message); - - /* Small nonce */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length - 1, aad, aad_length, message, - message_length, ciphertext_and_tag, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer has the wrong length.")); - gpr_free(error_message); - - /* nullptr aad */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, nullptr, aad_length, message, - message_length, ciphertext_and_tag, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "aad is nullptr.")); - gpr_free(error_message); - - /* nullptr aad with zero length */ - gsec_assert_ok( - gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, nullptr, 0, - message, message_length, ciphertext_and_tag, - ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message), - error_message); - - /* nullptr plaintext */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, nullptr, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "plaintext is nullptr.")); - gpr_free(error_message); - - /* nullptr ciphertext */ - status = gsec_aead_crypter_encrypt(crypter, nonce, nonce_length, aad, - aad_length, message, message_length, - nullptr, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "ciphertext is nullptr.")); - gpr_free(error_message); - - /* Short ciphertext */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length - 1, - &ciphertext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "ciphertext is too small to hold a tag.")); - gpr_free(error_message); - - /* nullptr ciphertext_bytes_written */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, nullptr, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "bytes_written is nullptr.")); - gpr_free(error_message); - - /* nullptr plaintext/ciphertext encrypt with zero length */ - gsec_assert_ok(gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, nullptr, 0, - ciphertext_and_tag, ciphertext_and_tag_length, - &ciphertext_bytes_written, &error_message), - error_message); - - /* Success */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - &error_message); - GPR_ASSERT(status == GRPC_STATUS_OK); - - gpr_free(message); - gpr_free(aad); - gpr_free(nonce); - gpr_free(ciphertext_and_tag); -} - -static void gsec_test_decryption_failure(gsec_aead_crypter* crypter) { - GPR_ASSERT(crypter != nullptr); - size_t aad_length = kTestMaxLength; - size_t message_length = kTestMaxLength; - size_t nonce_length, tag_length; - uint8_t *nonce, *aad, *message; - - gsec_aead_crypter_nonce_length(crypter, &nonce_length, nullptr); - gsec_aead_crypter_tag_length(crypter, &tag_length, nullptr); - gsec_test_random_array(&nonce, nonce_length); - gsec_test_random_array(&aad, aad_length); - gsec_test_random_array(&message, message_length); - - /* Test encryption */ - size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, message_length, &ciphertext_and_tag_length, nullptr); - uint8_t* ciphertext_and_tag = - static_cast(gpr_malloc(ciphertext_and_tag_length)); - - grpc_status_code status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, aad, aad_length, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length); - - size_t plaintext_length, plaintext_bytes_written = 0; - gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_bytes_written, - &plaintext_length, nullptr); - uint8_t* plaintext = static_cast(gpr_malloc(plaintext_length)); - - char* error_message; - /* nullptr nonce */ - status = gsec_aead_crypter_decrypt( - crypter, nullptr, nonce_length, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer is nullptr.")); - gpr_free(error_message); - - /* Big nonce */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length + 1, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer has the wrong length.")); - gpr_free(error_message); - - /* Small nonce */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length - 1, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Nonce buffer has the wrong length.")); - gpr_free(error_message); - - /* nullptr aad */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, nullptr, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "aad is nullptr.")); - gpr_free(error_message); - - /* nullptr aad with zero length */ - status = gsec_aead_crypter_encrypt( - crypter, nonce, nonce_length, nullptr, 0, message, message_length, - ciphertext_and_tag, ciphertext_and_tag_length, &ciphertext_bytes_written, - &error_message); - GPR_ASSERT(status == GRPC_STATUS_OK); - - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, nullptr, 0, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - GPR_ASSERT(status == GRPC_STATUS_OK); - - /* Small ciphertext */ - if (tag_length > 0) { - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag, - tag_length - 1, plaintext, plaintext_length, &plaintext_bytes_written, - &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "ciphertext is too small to hold a tag.")); - gpr_free(error_message); - } - - /* nullptr ciphertext */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, nullptr, - ciphertext_and_tag_length, plaintext, plaintext_length, - &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "ciphertext is nullptr.")); - gpr_free(error_message); - - /* nullptr plaintext */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, nullptr, plaintext_length, - &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "plaintext is nullptr, but plaintext_length is positive.")); - gpr_free(error_message); - - /* Short plaintext */ - status = gsec_aead_crypter_decrypt( - crypter, nonce, nonce_length, aad, aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, plaintext_length - 1, - &plaintext_bytes_written, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Not enough plaintext buffer to hold encrypted ciphertext.")); - gpr_free(error_message); - - /* nullptr plaintext_bytes_written */ - status = gsec_aead_crypter_decrypt(crypter, nonce, nonce_length, aad, - aad_length, ciphertext_and_tag, - ciphertext_and_tag_length, plaintext, - plaintext_length, nullptr, &error_message); - - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "bytes_written is nullptr.")); - gpr_free(error_message); - - gpr_free(message); - gpr_free(plaintext); - gpr_free(ciphertext_and_tag); - gpr_free(aad); - gpr_free(nonce); -} - -static void gsec_test_encrypt_decrypt_test_vector( - gsec_aead_crypter* crypter, gsec_aead_test_vector* test_vector) { - GPR_ASSERT(crypter != nullptr); - /* Test byte-based encryption interface. */ - size_t ciphertext_and_tag_length, ciphertext_bytes_written = 0; - gsec_aead_crypter_max_ciphertext_and_tag_length( - crypter, test_vector->plaintext_length, &ciphertext_and_tag_length, - nullptr); - uint8_t* ciphertext_and_tag_bytes = - static_cast(gpr_malloc(ciphertext_and_tag_length)); - grpc_status_code status = gsec_aead_crypter_encrypt( - crypter, test_vector->nonce, test_vector->nonce_length, test_vector->aad, - test_vector->aad_length, test_vector->plaintext, - test_vector->plaintext_length, ciphertext_and_tag_bytes, - ciphertext_and_tag_length, &ciphertext_bytes_written, nullptr); - - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(ciphertext_bytes_written == ciphertext_and_tag_length); - GPR_ASSERT(memcmp(test_vector->ciphertext_and_tag, ciphertext_and_tag_bytes, - ciphertext_and_tag_length) == 0); - - /* Test byte-based decryption interface */ - size_t plaintext_length, plaintext_bytes_written = 0; - gsec_aead_crypter_max_plaintext_length(crypter, ciphertext_and_tag_length, - &plaintext_length, nullptr); - uint8_t* plaintext_bytes = - static_cast(gpr_malloc(plaintext_length)); - status = gsec_aead_crypter_decrypt( - crypter, test_vector->nonce, test_vector->nonce_length, test_vector->aad, - test_vector->aad_length, test_vector->ciphertext_and_tag, - test_vector->ciphertext_and_tag_length, plaintext_bytes, plaintext_length, - &plaintext_bytes_written, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(test_vector->plaintext, plaintext_bytes, - plaintext_bytes_written) == 0); - - gpr_free(ciphertext_and_tag_bytes); - gpr_free(plaintext_bytes); -} - -static void gsec_test_get_crypter_from_test_vector( - gsec_aead_crypter** crypter, gsec_aead_test_vector* test_vector, - bool rekey = false) { - size_t key_length = test_vector->key_length; - GPR_ASSERT(key_length == kAes128GcmKeyLength || - key_length == kAes256GcmKeyLength || - key_length == kAes128GcmRekeyKeyLength); - size_t nonce_length = test_vector->nonce_length; - GPR_ASSERT(nonce_length == kAesGcmNonceLength); - size_t plaintext_length = test_vector->plaintext_length; - size_t ciphertext_and_tag_length = test_vector->ciphertext_and_tag_length; - GPR_ASSERT(ciphertext_and_tag_length == plaintext_length + kAesGcmTagLength); - size_t tag_length = ciphertext_and_tag_length - plaintext_length; - gsec_aes_gcm_aead_crypter_create(test_vector->key, key_length, nonce_length, - tag_length, rekey, crypter, nullptr); -} - -static void gsec_test_verify_crypter_on_test_vector( - gsec_aead_test_vector* test_vector, bool rekey = false) { - gsec_aead_crypter* crypter; - gsec_test_get_crypter_from_test_vector(&crypter, test_vector, rekey); - gsec_test_encrypt_decrypt_test_vector(crypter, test_vector); - gsec_aead_crypter_destroy(crypter); -} - -static void gsec_aead_malloc_test_vector( - gsec_aead_test_vector** test_vector, const uint8_t* key, size_t key_length, - const uint8_t* nonce, size_t nonce_length, const uint8_t* aad, - size_t aad_length, const uint8_t* plaintext, size_t plaintext_length, - const uint8_t* ciphertext_and_tag, size_t ciphertext_and_tag_length) { - *test_vector = static_cast( - gpr_malloc(sizeof(gsec_aead_test_vector))); - (*test_vector)->key_length = key_length; - (*test_vector)->nonce_length = nonce_length; - (*test_vector)->aad_length = aad_length; - (*test_vector)->plaintext_length = plaintext_length; - (*test_vector)->ciphertext_and_tag_length = ciphertext_and_tag_length; - gsec_test_copy(key, &((*test_vector)->key), key_length); - gsec_test_copy(nonce, &((*test_vector)->nonce), nonce_length); - gsec_test_copy(aad, &((*test_vector)->aad), aad_length); - gsec_test_copy(plaintext, &((*test_vector)->plaintext), plaintext_length); - gsec_test_copy(ciphertext_and_tag, &((*test_vector)->ciphertext_and_tag), - ciphertext_and_tag_length); -} - -static void gsec_aead_free_test_vector(gsec_aead_test_vector* test_vector) { - gpr_free(test_vector->key); - gpr_free(test_vector->nonce); - gpr_free(test_vector->aad); - gpr_free(test_vector->plaintext); - gpr_free(test_vector->ciphertext_and_tag); - gpr_free(test_vector); -} - -static void gsec_test_create_random_aes_gcm_crypter(gsec_aead_crypter** crypter, - size_t key_length, - size_t nonce_length, - size_t tag_length, - bool rekey) { - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aes_gcm_aead_crypter_create(key, key_length, nonce_length, tag_length, - rekey, crypter, nullptr); - gpr_free(key); -} - -static void gsec_test_get_random_aes_gcm_crypters( - gsec_aead_crypter*** crypters) { - *crypters = static_cast( - gpr_malloc(sizeof(gsec_aead_crypter*) * kTestNumCrypters)); - gsec_test_create_random_aes_gcm_crypter( - &((*crypters)[0]), kAes128GcmKeyLength, kAesGcmNonceLength, - kAesGcmTagLength, /*rekey=*/false); - gsec_test_create_random_aes_gcm_crypter( - &((*crypters)[1]), kAes256GcmKeyLength, kAesGcmNonceLength, - kAesGcmTagLength, /*rekey=*/false); - gsec_test_create_random_aes_gcm_crypter( - &((*crypters)[2]), kAes128GcmRekeyKeyLength, kAesGcmNonceLength, - kAesGcmTagLength, /*rekey=*/true); -} - -static void gsec_test_do_generic_crypter_tests() { - gsec_aead_crypter** crypters; - gsec_test_get_random_aes_gcm_crypters(&crypters); - size_t ind; - for (ind = 0; ind < kTestNumCrypters; ind++) { - gsec_test_encrypt_decrypt(crypters[ind]); - gsec_test_multiple_encrypt_decrypt(crypters[ind]); - gsec_test_encryption_failure(crypters[ind]); - gsec_test_decryption_failure(crypters[ind]); - } - for (ind = 0; ind < kTestNumCrypters; ind++) { - gsec_aead_crypter_destroy(crypters[ind]); - } - gpr_free(crypters); -} - -static void gsec_test_do_vector_tests_rekey_nist() { - // NIST vectors from: - // http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf - // - // IEEE vectors from: - // http://www.ieee802.org/1/files/public/docs2011/bn-randall-test-vectors-0511-v1.pdf - // - // Key expanded by setting expandedKey = (key||(key ^ {0x01, .., 0x01})||key ^ - // {0x02,..,0x02}))[0:44]. - - gsec_aead_test_vector vec; - - // Derived from NIST test vector 1 - uint8_t nonce_0[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; - uint8_t aad_0[1] = {}; - uint8_t key_0[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, - 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, - 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2}; - uint8_t plaintext_0[1] = {}; - uint8_t ciphertext_0[] = {0x85, 0xE8, 0x73, 0xE0, 0x2, 0xF6, 0xEB, 0xDC, - 0x40, 0x60, 0x95, 0x4E, 0xB8, 0x67, 0x55, 0x8}; - vec = {nonce_0, aad_0, key_0, plaintext_0, ciphertext_0, 12, 0, 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from NIST test vector 2 - uint8_t nonce_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; - uint8_t aad_1[1] = {}; - uint8_t key_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, - 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, - 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2, 0x2}; - uint8_t plaintext_1[] = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}; - uint8_t ciphertext_1[] = {0x51, 0xE9, 0xA8, 0xCB, 0x23, 0xCA, 0x25, 0x12, - 0xC8, 0x25, 0x6A, 0xFF, 0xF8, 0xE7, 0x2D, 0x68, - 0x1A, 0xCA, 0x19, 0xA1, 0x14, 0x8A, 0xC1, 0x15, - 0xE8, 0x3D, 0xF4, 0x88, 0x8C, 0xC0, 0xD, 0x11}; - vec = {nonce_1, aad_1, key_1, plaintext_1, ciphertext_1, 12, 0, 44, 16, 32}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from NIST test vector 3 - uint8_t nonce_2[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_2[1] = {}; - uint8_t key_2[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_2[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, - 0xC5, 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, - 0xF7, 0xDA, 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, - 0x3C, 0xC, 0x95, 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, - 0x49, 0xA6, 0xB5, 0x25, 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, - 0x57, 0xBA, 0x63, 0x7B, 0x39, 0x1A, 0xAF, 0xD2, 0x55}; - uint8_t ciphertext_2[] = { - 0x10, 0x18, 0xED, 0x5A, 0x14, 0x2, 0xA8, 0x65, 0x16, 0xD6, 0x57, 0x6D, - 0x70, 0xB2, 0xFF, 0xCC, 0xCA, 0x26, 0x1B, 0x94, 0xDF, 0x88, 0xB5, 0x8F, - 0x53, 0xB6, 0x4D, 0xFB, 0xA4, 0x35, 0xD1, 0x8B, 0x2F, 0x6E, 0x3B, 0x78, - 0x69, 0xF9, 0x35, 0x3D, 0x4A, 0xC8, 0xCF, 0x9, 0xAF, 0xB1, 0x66, 0x3D, - 0xAA, 0x7B, 0x40, 0x17, 0xE6, 0xFC, 0x2C, 0x17, 0x7C, 0xC, 0x8, 0x7C, - 0xD, 0xF1, 0x16, 0x21, 0x29, 0x95, 0x22, 0x13, 0xCE, 0xE1, 0xBC, 0x6E, - 0x9C, 0x84, 0x95, 0xDD, 0x70, 0x5E, 0x1F, 0x3D}; - vec = {nonce_2, aad_2, key_2, plaintext_2, ciphertext_2, 12, 0, 44, 64, 80}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from NIST test vector 4 - uint8_t nonce_3[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_3[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_3[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_3[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_3[] = { - 0x10, 0x18, 0xED, 0x5A, 0x14, 0x2, 0xA8, 0x65, 0x16, 0xD6, 0x57, - 0x6D, 0x70, 0xB2, 0xFF, 0xCC, 0xCA, 0x26, 0x1B, 0x94, 0xDF, 0x88, - 0xB5, 0x8F, 0x53, 0xB6, 0x4D, 0xFB, 0xA4, 0x35, 0xD1, 0x8B, 0x2F, - 0x6E, 0x3B, 0x78, 0x69, 0xF9, 0x35, 0x3D, 0x4A, 0xC8, 0xCF, 0x9, - 0xAF, 0xB1, 0x66, 0x3D, 0xAA, 0x7B, 0x40, 0x17, 0xE6, 0xFC, 0x2C, - 0x17, 0x7C, 0xC, 0x8, 0x7C, 0x47, 0x64, 0x56, 0x5D, 0x7, 0x7E, - 0x91, 0x24, 0x0, 0x1D, 0xDB, 0x27, 0xFC, 0x8, 0x48, 0xC5}; - vec = {nonce_3, aad_3, key_3, plaintext_3, ciphertext_3, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from adapted NIST test vector 4 for KDF counter boundary (flip - // nonce bit 15) - uint8_t nonce_4[] = {0xCA, 0x7E, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_4[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_4[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_4[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_4[] = { - 0xE6, 0x50, 0xD3, 0xC0, 0xFB, 0x87, 0x93, 0x27, 0xF2, 0xD0, 0x32, - 0x87, 0xFA, 0x93, 0xCD, 0x7, 0x34, 0x2B, 0x13, 0x62, 0x15, 0xAD, - 0xBC, 0xA0, 0xC, 0x3B, 0xD5, 0x9, 0x9E, 0xC4, 0x18, 0x32, 0xB1, - 0xD1, 0x8E, 0x4, 0x23, 0xED, 0x26, 0xBB, 0x12, 0xC6, 0xCD, 0x9, - 0xDE, 0xBB, 0x29, 0x23, 0xA, 0x94, 0xC0, 0xCE, 0xE1, 0x59, 0x3, - 0x65, 0x6F, 0x85, 0xED, 0xB6, 0xFC, 0x50, 0x9B, 0x1B, 0x28, 0x21, - 0x63, 0x82, 0x17, 0x2E, 0xCB, 0xCC, 0x31, 0xE1, 0xE9, 0xB1}; - vec = {nonce_4, aad_4, key_4, plaintext_4, ciphertext_4, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from adapted NIST test vector 4 for KDF counter boundary (flip - // nonce bit 16) - uint8_t nonce_5[] = {0xCA, 0xFE, 0xBB, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_5[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_5[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_5[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_5[] = { - 0xC0, 0x12, 0x1E, 0x6C, 0x95, 0x4D, 0x7, 0x67, 0xF9, 0x66, 0x30, - 0xC3, 0x34, 0x50, 0x99, 0x97, 0x91, 0xB2, 0xDA, 0x2A, 0xD0, 0x5C, - 0x41, 0x90, 0x16, 0x9C, 0xCA, 0xD9, 0xAC, 0x86, 0xFF, 0x1C, 0x72, - 0x1E, 0x3D, 0x82, 0xF2, 0xAD, 0x22, 0xAB, 0x46, 0x3B, 0xAB, 0x4A, - 0x7, 0x54, 0xB7, 0xDD, 0x68, 0xCA, 0x4D, 0xE7, 0xEA, 0x25, 0x31, - 0xB6, 0x25, 0xED, 0xA0, 0x1F, 0x89, 0x31, 0x2B, 0x2A, 0xB9, 0x57, - 0xD5, 0xC7, 0xF8, 0x56, 0x8D, 0xD9, 0x5F, 0xCD, 0xCD, 0x1F}; - vec = {nonce_5, aad_5, key_5, plaintext_5, ciphertext_5, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from adapted NIST test vector 4 for KDF counter boundary (flip - // nonce bit 63) - uint8_t nonce_6[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0x2D, 0xDE, 0xCA, 0xF8, 0x88}; - uint8_t aad_6[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_6[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_6[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_6[] = { - 0x8A, 0xF3, 0x7E, 0xA5, 0x68, 0x4A, 0x4D, 0x81, 0xD4, 0xFD, 0x81, - 0x72, 0x61, 0xFD, 0x97, 0x43, 0x9, 0x9E, 0x7E, 0x6A, 0x2, 0x5E, - 0xAA, 0xCF, 0x8E, 0x54, 0xB1, 0x24, 0xFB, 0x57, 0x43, 0x14, 0x9E, - 0x5, 0xCB, 0x89, 0xF4, 0xA4, 0x94, 0x67, 0xFE, 0x2E, 0x5E, 0x59, - 0x65, 0xF2, 0x9A, 0x19, 0xF9, 0x94, 0x16, 0xB0, 0x1, 0x6B, 0x54, - 0x58, 0x5D, 0x12, 0x55, 0x37, 0x83, 0xBA, 0x59, 0xE9, 0xF7, 0x82, - 0xE8, 0x2E, 0x9, 0x7C, 0x33, 0x6B, 0xF7, 0x98, 0x9F, 0x8}; - vec = {nonce_6, aad_6, key_6, plaintext_6, ciphertext_6, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from adapted NIST test vector 4 for KDF counter boundary (flip - // nonce bit 64) - uint8_t nonce_7[] = {0xCA, 0xFE, 0xBA, 0xBE, 0xFA, 0xCE, - 0xDB, 0xAD, 0xDF, 0xCA, 0xF8, 0x88}; - uint8_t aad_7[] = {0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, - 0xEF, 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, - 0xBE, 0xEF, 0xAB, 0xAD, 0xDA, 0xD2}; - uint8_t key_7[] = {0xFE, 0xFF, 0xE9, 0x92, 0x86, 0x65, 0x73, 0x1C, 0x6D, - 0x6A, 0x8F, 0x94, 0x67, 0x30, 0x83, 0x8, 0xFF, 0xFE, - 0xE8, 0x93, 0x87, 0x64, 0x72, 0x1D, 0x6C, 0x6B, 0x8E, - 0x95, 0x66, 0x31, 0x82, 0x9, 0xFC, 0xFD, 0xEB, 0x90, - 0x84, 0x67, 0x71, 0x1E, 0x6F, 0x68, 0x8D, 0x96}; - uint8_t plaintext_7[] = { - 0xD9, 0x31, 0x32, 0x25, 0xF8, 0x84, 0x6, 0xE5, 0xA5, 0x59, 0x9, 0xC5, - 0xAF, 0xF5, 0x26, 0x9A, 0x86, 0xA7, 0xA9, 0x53, 0x15, 0x34, 0xF7, 0xDA, - 0x2E, 0x4C, 0x30, 0x3D, 0x8A, 0x31, 0x8A, 0x72, 0x1C, 0x3C, 0xC, 0x95, - 0x95, 0x68, 0x9, 0x53, 0x2F, 0xCF, 0xE, 0x24, 0x49, 0xA6, 0xB5, 0x25, - 0xB1, 0x6A, 0xED, 0xF5, 0xAA, 0xD, 0xE6, 0x57, 0xBA, 0x63, 0x7B, 0x39}; - uint8_t ciphertext_7[] = { - 0xFB, 0xD5, 0x28, 0x44, 0x8D, 0x3, 0x46, 0xBF, 0xA8, 0x78, 0x63, - 0x48, 0x64, 0xD4, 0x7, 0xA3, 0x5A, 0x3, 0x9D, 0xE9, 0xDB, 0x2F, - 0x1F, 0xEB, 0x8E, 0x96, 0x5B, 0x3A, 0xE9, 0x35, 0x6C, 0xE6, 0x28, - 0x94, 0x41, 0xD7, 0x7F, 0x8F, 0xD, 0xF2, 0x94, 0x89, 0x1F, 0x37, - 0xEA, 0x43, 0x8B, 0x22, 0x3E, 0x3B, 0xF2, 0xBD, 0xC5, 0x3D, 0x4C, - 0x5A, 0x74, 0xFB, 0x68, 0xB, 0xB3, 0x12, 0xA8, 0xDE, 0xC6, 0xF7, - 0x25, 0x2C, 0xBC, 0xD7, 0xF5, 0x79, 0x97, 0x50, 0xAD, 0x78}; - vec = {nonce_7, aad_7, key_7, plaintext_7, ciphertext_7, 12, 20, 44, 60, 76}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); -} - -static void gsec_test_do_vector_tests_rekey_ieee() { - // IEEE vectors from: - // http://www.ieee802.org/1/files/public/docs2011/bn-randall-test-vectors-0511-v1.pdf - // - // Key expanded by setting expandedKey = (key||(key ^ {0x01, .., 0x01})||key ^ - // {0x02,..,0x02}))[0:44]. - - gsec_aead_test_vector vec; - - // Derived from IEEE 2.1.1 54-byte auth - uint8_t nonce_8[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, - 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65}; - uint8_t aad_8[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, 0xD, 0x46, 0xDF, - 0x99, 0x8D, 0x88, 0xE5, 0x22, 0x2A, 0xB2, 0xC2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, 0x8, 0x0, - 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x1}; - uint8_t key_8[] = {0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, 0x6F, - 0x62, 0xF, 0xDC, 0xB5, 0x6, 0xB3, 0x45, 0xAC, 0x7B, - 0x2A, 0xD1, 0x3F, 0xAD, 0x82, 0x5B, 0x6E, 0x63, 0xE, - 0xDD, 0xB4, 0x7, 0xB2, 0x44, 0xAF, 0x78, 0x29, 0xD2, - 0x3C, 0xAE, 0x81, 0x58, 0x6D, 0x60, 0xD, 0xDE}; - uint8_t plaintext_8[1] = {}; - uint8_t ciphertext_8[] = {0x3E, 0xA0, 0xB5, 0x84, 0xF3, 0xC8, 0x5E, 0x93, - 0xF9, 0x32, 0xE, 0xA5, 0x91, 0x69, 0x9E, 0xFB}; - vec = {nonce_8, aad_8, key_8, plaintext_8, ciphertext_8, 12, 70, 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.1.2 54-byte auth - uint8_t nonce_9[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, - 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65}; - uint8_t aad_9[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, 0xD, 0x46, 0xDF, - 0x99, 0x8D, 0x88, 0xE5, 0x22, 0x2A, 0xB2, 0xC2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81, 0x8, 0x0, - 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x1}; - uint8_t key_9[] = {0xE3, 0xC0, 0x8A, 0x8F, 0x6, 0xC6, 0xE3, 0xAD, 0x95, - 0xA7, 0x5, 0x57, 0xB2, 0x3F, 0x75, 0x48, 0x3C, 0xE3, - 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, 0x25, 0x66, 0x62, - 0x4, 0xC6, 0x9C, 0xB, 0x72, 0xE1, 0xC2, 0x88, 0x8D, - 0x4, 0xC4, 0xE1, 0xAF, 0x97, 0xA5, 0x7, 0x55}; - uint8_t plaintext_9[1] = {}; - uint8_t ciphertext_9[] = {0x29, 0x4E, 0x2, 0x8B, 0xF1, 0xFE, 0x6F, 0x14, - 0xC4, 0xE8, 0xF7, 0x30, 0x5C, 0x93, 0x3E, 0xB5}; - vec = {nonce_9, aad_9, key_9, plaintext_9, ciphertext_9, 12, 70, 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.2.1 60-byte crypt - uint8_t nonce_10[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, - 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65}; - uint8_t aad_10[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, - 0xD, 0x46, 0xDF, 0x99, 0x8D, 0x88, 0xE5, - 0x2E, 0x0, 0xB2, 0xC2, 0x84, 0x65, 0x12, - 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81}; - uint8_t key_10[] = {0xAD, 0x7A, 0x2B, 0xD0, 0x3E, 0xAC, 0x83, 0x5A, 0x6F, - 0x62, 0xF, 0xDC, 0xB5, 0x6, 0xB3, 0x45, 0xAC, 0x7B, - 0x2A, 0xD1, 0x3F, 0xAD, 0x82, 0x5B, 0x6E, 0x63, 0xE, - 0xDD, 0xB4, 0x7, 0xB2, 0x44, 0xAF, 0x78, 0x29, 0xD2, - 0x3C, 0xAE, 0x81, 0x58, 0x6D, 0x60, 0xD, 0xDE}; - uint8_t plaintext_10[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x2}; - uint8_t ciphertext_10[] = { - 0xDB, 0x3D, 0x25, 0x71, 0x9C, 0x6B, 0xA, 0x3C, 0xA6, 0x14, 0x5C, - 0x15, 0x9D, 0x5C, 0x6E, 0xD9, 0xAF, 0xF9, 0xC6, 0xE0, 0xB7, 0x9F, - 0x17, 0x1, 0x9E, 0xA9, 0x23, 0xB8, 0x66, 0x5D, 0xDF, 0x52, 0x13, - 0x7A, 0xD6, 0x11, 0xF0, 0xD1, 0xBF, 0x41, 0x7A, 0x7C, 0xA8, 0x5E, - 0x45, 0xAF, 0xE1, 0x6, 0xFF, 0x9C, 0x75, 0x69, 0xD3, 0x35, 0xD0, - 0x86, 0xAE, 0x6C, 0x3, 0xF0, 0x9, 0x87, 0xCC, 0xD6}; - vec = {nonce_10, aad_10, key_10, plaintext_10, ciphertext_10, - 12, 28, 44, 48, 64}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.2.2 60-byte crypt - uint8_t nonce_11[] = {0x12, 0x15, 0x35, 0x24, 0xC0, 0x89, - 0x5E, 0x81, 0xB2, 0xC2, 0x84, 0x65}; - uint8_t aad_11[] = {0xD6, 0x9, 0xB1, 0xF0, 0x56, 0x63, 0x7A, - 0xD, 0x46, 0xDF, 0x99, 0x8D, 0x88, 0xE5, - 0x2E, 0x0, 0xB2, 0xC2, 0x84, 0x65, 0x12, - 0x15, 0x35, 0x24, 0xC0, 0x89, 0x5E, 0x81}; - uint8_t key_11[] = {0xE3, 0xC0, 0x8A, 0x8F, 0x6, 0xC6, 0xE3, 0xAD, 0x95, - 0xA7, 0x5, 0x57, 0xB2, 0x3F, 0x75, 0x48, 0x3C, 0xE3, - 0x30, 0x21, 0xA9, 0xC7, 0x2B, 0x70, 0x25, 0x66, 0x62, - 0x4, 0xC6, 0x9C, 0xB, 0x72, 0xE1, 0xC2, 0x88, 0x8D, - 0x4, 0xC4, 0xE1, 0xAF, 0x97, 0xA5, 0x7, 0x55}; - uint8_t plaintext_11[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x2}; - uint8_t ciphertext_11[] = { - 0x16, 0x41, 0xF2, 0x8E, 0xC1, 0x3A, 0xFC, 0xC8, 0xF7, 0x90, 0x33, - 0x89, 0x78, 0x72, 0x1, 0x5, 0x16, 0x44, 0x91, 0x49, 0x33, 0xE9, - 0x20, 0x2B, 0xB9, 0xD0, 0x6A, 0xA0, 0x20, 0xC2, 0xA6, 0x7E, 0xF5, - 0x1D, 0xFE, 0x7B, 0xC0, 0xA, 0x85, 0x6C, 0x55, 0xB8, 0xF8, 0x13, - 0x3E, 0x77, 0xF6, 0x59, 0x13, 0x25, 0x2, 0xBA, 0xD6, 0x3F, 0x57, - 0x13, 0xD5, 0x7D, 0xC, 0x11, 0xE0, 0xF8, 0x71, 0xED}; - vec = {nonce_11, aad_11, key_11, plaintext_11, ciphertext_11, - 12, 28, 44, 48, 64}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.3.1 60-byte auth - uint8_t nonce_12[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED}; - uint8_t aad_12[] = { - 0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x88, 0xE5, 0x40, 0x0, 0x76, 0xD4, 0x57, 0xED, 0x8, 0x0, 0xF, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, - 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x3}; - uint8_t key_12[] = {0x7, 0x1B, 0x11, 0x3B, 0xC, 0xA7, 0x43, 0xFE, 0xCC, - 0xCF, 0x3D, 0x5, 0x1F, 0x73, 0x73, 0x82, 0x6, 0x1A, - 0x10, 0x3A, 0xD, 0xA6, 0x42, 0xFF, 0xCD, 0xCE, 0x3C, - 0x4, 0x1E, 0x72, 0x72, 0x83, 0x5, 0x19, 0x13, 0x39, - 0xE, 0xA5, 0x41, 0xFC, 0xCE, 0xCD, 0x3F, 0x7}; - uint8_t plaintext_12[1] = {}; - uint8_t ciphertext_12[] = {0x58, 0x83, 0x7A, 0x10, 0x56, 0x2B, 0xF, 0x1F, - 0x8E, 0xDB, 0xE5, 0x8C, 0xA5, 0x58, 0x11, 0xD3}; - vec = {nonce_12, aad_12, key_12, plaintext_12, ciphertext_12, 12, 68, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.3.2 60-byte auth - uint8_t nonce_13[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED}; - uint8_t aad_13[] = { - 0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x88, 0xE5, 0x40, 0x0, 0x76, 0xD4, 0x57, 0xED, 0x8, 0x0, 0xF, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, - 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x0, 0x3}; - uint8_t key_13[] = {0x69, 0x1D, 0x3E, 0xE9, 0x9, 0xD7, 0xF5, 0x41, 0x67, - 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x8, 0x1F, 0x2B, - 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, 0xAB, 0x80, 0xBD, - 0x52, 0x95, 0xAE, 0x6B, 0xE7, 0x6B, 0x1F, 0x3C, 0xEB, - 0xB, 0xD5, 0xF7, 0x43, 0x65, 0xFF, 0x1E, 0xA2}; - uint8_t plaintext_13[1] = {}; - uint8_t ciphertext_13[] = {0xC2, 0x72, 0x2F, 0xF6, 0xCA, 0x29, 0xA2, 0x57, - 0x71, 0x8A, 0x52, 0x9D, 0x1F, 0xC, 0x6A, 0x3B}; - vec = {nonce_13, aad_13, key_13, plaintext_13, ciphertext_13, 12, 68, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.4.1 54-byte crypt - uint8_t nonce_14[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED}; - uint8_t aad_14[] = {0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, - 0x76, 0x1E, 0x8D, 0xCD, 0x3D, 0x88, 0xE5, - 0x4C, 0x2A, 0x76, 0xD4, 0x57, 0xED}; - uint8_t key_14[] = {0x7, 0x1B, 0x11, 0x3B, 0xC, 0xA7, 0x43, 0xFE, 0xCC, - 0xCF, 0x3D, 0x5, 0x1F, 0x73, 0x73, 0x82, 0x6, 0x1A, - 0x10, 0x3A, 0xD, 0xA6, 0x42, 0xFF, 0xCD, 0xCE, 0x3C, - 0x4, 0x1E, 0x72, 0x72, 0x83, 0x5, 0x19, 0x13, 0x39, - 0xE, 0xA5, 0x41, 0xFC, 0xCE, 0xCD, 0x3F, 0x7}; - uint8_t plaintext_14[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x4}; - uint8_t ciphertext_14[] = { - 0xFD, 0x96, 0xB7, 0x15, 0xB9, 0x3A, 0x13, 0x34, 0x6A, 0xF5, 0x1E, 0x8A, - 0xCD, 0xF7, 0x92, 0xCD, 0xC7, 0xB2, 0x68, 0x6F, 0x85, 0x74, 0xC7, 0xE, - 0x6B, 0xC, 0xBF, 0x16, 0x29, 0x1D, 0xED, 0x42, 0x7A, 0xD7, 0x3F, 0xEC, - 0x48, 0xCD, 0x29, 0x8E, 0x5, 0x28, 0xA1, 0xF4, 0xC6, 0x44, 0xA9, 0x49, - 0xFC, 0x31, 0xDC, 0x92, 0x79, 0x70, 0x6D, 0xDB, 0xA3, 0x3F}; - vec = {nonce_14, aad_14, key_14, plaintext_14, ciphertext_14, - 12, 20, 44, 42, 58}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.4.2 54-byte crypt - uint8_t nonce_15[] = {0xF0, 0x76, 0x1E, 0x8D, 0xCD, 0x3D, - 0x0, 0x1, 0x76, 0xD4, 0x57, 0xED}; - uint8_t aad_15[] = {0xE2, 0x1, 0x6, 0xD7, 0xCD, 0xD, 0xF0, - 0x76, 0x1E, 0x8D, 0xCD, 0x3D, 0x88, 0xE5, - 0x4C, 0x2A, 0x76, 0xD4, 0x57, 0xED}; - uint8_t key_15[] = {0x69, 0x1D, 0x3E, 0xE9, 0x9, 0xD7, 0xF5, 0x41, 0x67, - 0xFD, 0x1C, 0xA0, 0xB5, 0xD7, 0x69, 0x8, 0x1F, 0x2B, - 0xDE, 0x1A, 0xEE, 0x65, 0x5F, 0xDB, 0xAB, 0x80, 0xBD, - 0x52, 0x95, 0xAE, 0x6B, 0xE7, 0x6B, 0x1F, 0x3C, 0xEB, - 0xB, 0xD5, 0xF7, 0x43, 0x65, 0xFF, 0x1E, 0xA2}; - uint8_t plaintext_15[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x0, 0x4}; - uint8_t ciphertext_15[] = { - 0xB6, 0x8F, 0x63, 0x0, 0xC2, 0xE9, 0xAE, 0x83, 0x3B, 0xDC, 0x7, 0xE, - 0x24, 0x2, 0x1A, 0x34, 0x77, 0x11, 0x8E, 0x78, 0xCC, 0xF8, 0x4E, 0x11, - 0xA4, 0x85, 0xD8, 0x61, 0x47, 0x6C, 0x30, 0xF, 0x17, 0x53, 0x53, 0xD5, - 0xCD, 0xF9, 0x20, 0x8, 0xA4, 0xF8, 0x78, 0xE6, 0xCC, 0x35, 0x77, 0x76, - 0x80, 0x85, 0xC5, 0xA, 0xE, 0x98, 0xFD, 0xA6, 0xCB, 0xB8}; - vec = {nonce_15, aad_15, key_15, plaintext_15, ciphertext_15, - 12, 20, 44, 42, 58}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.5.1 65-byte auth - uint8_t nonce_16[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, - 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12}; - uint8_t aad_16[] = { - 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, - 0x88, 0xE5, 0x23, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, 0xFD, 0xE9, 0xF9, - 0xE3, 0x37, 0x24, 0xC6, 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x0, 0x5}; - uint8_t key_16[] = {0x1, 0x3F, 0xE0, 0xB, 0x5F, 0x11, 0xBE, 0x7F, 0x86, - 0x6D, 0xC, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, 0x0, 0x3E, - 0xE1, 0xA, 0x5E, 0x10, 0xBF, 0x7E, 0x87, 0x6C, 0xD, - 0xBA, 0xC4, 0x5B, 0x7B, 0x91, 0x3, 0x3D, 0xE2, 0x9, - 0x5D, 0x13, 0xBC, 0x7D, 0x84, 0x6F, 0xE, 0xB9}; - uint8_t plaintext_16[1] = {}; - uint8_t ciphertext_16[] = {0xCC, 0xA2, 0xE, 0xEC, 0xDA, 0x62, 0x83, 0xF0, - 0x9B, 0xB3, 0x54, 0x3D, 0xD9, 0x9E, 0xDB, 0x9B}; - vec = {nonce_16, aad_16, key_16, plaintext_16, ciphertext_16, 12, 81, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.5.2 65-byte auth - uint8_t nonce_17[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, - 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12}; - uint8_t aad_17[] = { - 0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, 0xE5, 0xBB, 0xD2, 0x72, 0x77, - 0x88, 0xE5, 0x23, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, 0xFD, 0xE9, 0xF9, - 0xE3, 0x37, 0x24, 0xC6, 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x0, 0x5}; - uint8_t key_17[] = {0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, 0xC0, - 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, 0x9A, 0xC1, - 0xC8, 0xF, 0xEE, 0x1B, 0x62, 0x44, 0x97, 0xEF, 0x94, - 0x2E, 0x2F, 0x79, 0xA8, 0x23, 0x81, 0xC2, 0x91, 0xB7, - 0x8F, 0xE5, 0xFD, 0xE3, 0xC2, 0xD8, 0x90, 0x68}; - uint8_t plaintext_17[1] = {}; - uint8_t ciphertext_17[] = {0xB2, 0x32, 0xCC, 0x1D, 0xA5, 0x11, 0x7B, 0xF1, - 0x50, 0x3, 0x73, 0x4F, 0xA5, 0x99, 0xD2, 0x71}; - vec = {nonce_17, aad_17, key_17, plaintext_17, ciphertext_17, 12, 81, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.6.1 61-byte crypt - uint8_t nonce_18[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, - 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12}; - uint8_t aad_18[] = {0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, - 0xE5, 0xBB, 0xD2, 0x72, 0x77, 0x88, 0xE5, - 0x2F, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, - 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6}; - uint8_t key_18[] = {0x1, 0x3F, 0xE0, 0xB, 0x5F, 0x11, 0xBE, 0x7F, 0x86, - 0x6D, 0xC, 0xBB, 0xC5, 0x5A, 0x7A, 0x90, 0x0, 0x3E, - 0xE1, 0xA, 0x5E, 0x10, 0xBF, 0x7E, 0x87, 0x6C, 0xD, - 0xBA, 0xC4, 0x5B, 0x7B, 0x91, 0x3, 0x3D, 0xE2, 0x9, - 0x5D, 0x13, 0xBC, 0x7D, 0x84, 0x6F, 0xE, 0xB9}; - uint8_t plaintext_18[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, - 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x0, 0x6}; - uint8_t ciphertext_18[] = { - 0xFF, 0x19, 0x10, 0xD3, 0x5A, 0xD7, 0xE5, 0x65, 0x78, 0x90, 0xC7, - 0xC5, 0x60, 0x14, 0x6F, 0xD0, 0x38, 0x70, 0x7F, 0x20, 0x4B, 0x66, - 0xED, 0xBC, 0x3D, 0x16, 0x1F, 0x8A, 0xCE, 0x24, 0x4B, 0x98, 0x59, - 0x21, 0x2, 0x3C, 0x43, 0x6E, 0x3A, 0x1C, 0x35, 0x32, 0xEC, 0xD5, - 0xD0, 0x9A, 0x5, 0x6D, 0x70, 0xBE, 0x58, 0x3F, 0xD, 0x10, 0x82, - 0x9D, 0x93, 0x87, 0xD0, 0x7D, 0x33, 0xD8, 0x72, 0xE4, 0x90}; - vec = {nonce_18, aad_18, key_18, plaintext_18, ciphertext_18, - 12, 28, 44, 49, 65}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.6.2 61-byte crypt - uint8_t nonce_19[] = {0x7C, 0xFD, 0xE9, 0xF9, 0xE3, 0x37, - 0x24, 0xC6, 0x89, 0x32, 0xD6, 0x12}; - uint8_t aad_19[] = {0x84, 0xC5, 0xD5, 0x13, 0xD2, 0xAA, 0xF6, - 0xE5, 0xBB, 0xD2, 0x72, 0x77, 0x88, 0xE5, - 0x2F, 0x0, 0x89, 0x32, 0xD6, 0x12, 0x7C, - 0xFD, 0xE9, 0xF9, 0xE3, 0x37, 0x24, 0xC6}; - uint8_t key_19[] = {0x83, 0xC0, 0x93, 0xB5, 0x8D, 0xE7, 0xFF, 0xE1, 0xC0, - 0xDA, 0x92, 0x6A, 0xC4, 0x3F, 0xB3, 0x60, 0x9A, 0xC1, - 0xC8, 0xF, 0xEE, 0x1B, 0x62, 0x44, 0x97, 0xEF, 0x94, - 0x2E, 0x2F, 0x79, 0xA8, 0x23, 0x81, 0xC2, 0x91, 0xB7, - 0x8F, 0xE5, 0xFD, 0xE3, 0xC2, 0xD8, 0x90, 0x68}; - uint8_t plaintext_19[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, - 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x0, 0x6}; - uint8_t ciphertext_19[] = { - 0xD, 0xB4, 0xCF, 0x95, 0x6B, 0x5F, 0x97, 0xEC, 0xA4, 0xEA, 0xB8, - 0x2A, 0x69, 0x55, 0x30, 0x7F, 0x9A, 0xE0, 0x2A, 0x32, 0xDD, 0x7D, - 0x93, 0xF8, 0x3D, 0x66, 0xAD, 0x4, 0xE1, 0xCF, 0xDC, 0x51, 0x82, - 0xAD, 0x12, 0xAB, 0xDE, 0xA5, 0xBB, 0xB6, 0x19, 0xA1, 0xBD, 0x5F, - 0xB9, 0xA5, 0x73, 0x59, 0xF, 0xBA, 0x90, 0x8E, 0x9C, 0x7A, 0x46, - 0xC1, 0xF7, 0xBA, 0x9, 0x5, 0xD1, 0xB5, 0x5F, 0xFD, 0xA4}; - vec = {nonce_19, aad_19, key_19, plaintext_19, ciphertext_19, - 12, 28, 44, 49, 65}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.7.1 79-byte crypt - uint8_t nonce_20[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, - 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t aad_20[] = { - 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, - 0xC5, 0x88, 0xE5, 0x41, 0x0, 0x2E, 0x58, 0x49, 0x5C, 0x8, 0x0, - 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, - 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x0, 0x7}; - uint8_t key_20[] = {0x88, 0xEE, 0x8, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, 0xF6, - 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, 0x89, 0xEF, - 0x9, 0x7E, 0xD8, 0x5C, 0xA8, 0xFA, 0xF7, 0x73, 0x5B, - 0xA8, 0xD6, 0x56, 0xB1, 0xCC, 0x8A, 0xEC, 0xA, 0x7D, - 0xDB, 0x5F, 0xAB, 0xF9, 0xF4, 0x70, 0x58, 0xAB}; - uint8_t plaintext_20[1] = {}; - uint8_t ciphertext_20[] = {0x81, 0x3F, 0xE, 0x63, 0xF, 0x96, 0xFB, 0x2D, - 0x3, 0xF, 0x58, 0xD8, 0x3F, 0x5C, 0xDF, 0xD0}; - vec = {nonce_20, aad_20, key_20, plaintext_20, ciphertext_20, 12, 87, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.7.2 79-byte crypt - uint8_t nonce_21[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, - 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t aad_21[] = { - 0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, 0xE8, 0xE2, 0xCA, 0x4E, - 0xC5, 0x88, 0xE5, 0x41, 0x0, 0x2E, 0x58, 0x49, 0x5C, 0x8, 0x0, - 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, - 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x0, 0x7}; - uint8_t key_21[] = {0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, 0x74, - 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, 0x1F, 0xCE, - 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, 0x1A, 0x2C, 0xAA, - 0xF, 0xFE, 0x4, 0x7, 0xE5, 0x4E, 0x95, 0x3F, 0xBE, - 0x71, 0x66, 0x60, 0x14, 0x76, 0xFA, 0xB7, 0xBA}; - uint8_t plaintext_21[1] = {}; - uint8_t ciphertext_21[] = {0x77, 0xE5, 0xA4, 0x4C, 0x21, 0xEB, 0x7, 0x18, - 0x8A, 0xAC, 0xBD, 0x74, 0xD1, 0x98, 0xE, 0x97}; - vec = {nonce_21, aad_21, key_21, plaintext_21, ciphertext_21, 12, 87, - 44, 0, 16}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.8.1 61-byte crypt - uint8_t nonce_22[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, - 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t aad_22[] = {0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, - 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, 0x88, 0xE5, - 0x4D, 0x0, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t key_22[] = {0x88, 0xEE, 0x8, 0x7F, 0xD9, 0x5D, 0xA9, 0xFB, 0xF6, - 0x72, 0x5A, 0xA9, 0xD7, 0x57, 0xB0, 0xCD, 0x89, 0xEF, - 0x9, 0x7E, 0xD8, 0x5C, 0xA8, 0xFA, 0xF7, 0x73, 0x5B, - 0xA8, 0xD6, 0x56, 0xB1, 0xCC, 0x8A, 0xEC, 0xA, 0x7D, - 0xDB, 0x5F, 0xAB, 0xF9, 0xF4, 0x70, 0x58, 0xAB}; - uint8_t plaintext_22[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x0, 0x8}; - uint8_t ciphertext_22[] = { - 0x95, 0x8E, 0xC3, 0xF6, 0xD6, 0xA, 0xFE, 0xDA, 0x99, 0xEF, 0xD8, 0x88, - 0xF1, 0x75, 0xE5, 0xFC, 0xD4, 0xC8, 0x7B, 0x9B, 0xCC, 0x5C, 0x2F, 0x54, - 0x26, 0x25, 0x3A, 0x8B, 0x50, 0x62, 0x96, 0xC8, 0xC4, 0x33, 0x9, 0xAB, - 0x2A, 0xDB, 0x59, 0x39, 0x46, 0x25, 0x41, 0xD9, 0x5E, 0x80, 0x81, 0x1E, - 0x4, 0xE7, 0x6, 0xB1, 0x49, 0x8F, 0x2C, 0x40, 0x7C, 0x7F, 0xB2, 0x34, - 0xF8, 0xCC, 0x1, 0xA6, 0x47, 0x55, 0xE, 0xE6, 0xB5, 0x57, 0xB3, 0x5A, - 0x7E, 0x39, 0x45, 0x38, 0x18, 0x21, 0xF4}; - vec = {nonce_22, aad_22, key_22, plaintext_22, ciphertext_22, - 12, 20, 44, 63, 79}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); - - // Derived from IEEE 2.8.2 61-byte crypt - uint8_t nonce_23[] = {0x7A, 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, - 0x0, 0x1, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t aad_23[] = {0x68, 0xF2, 0xE7, 0x76, 0x96, 0xCE, 0x7A, - 0xE8, 0xE2, 0xCA, 0x4E, 0xC5, 0x88, 0xE5, - 0x4D, 0x0, 0x2E, 0x58, 0x49, 0x5C}; - uint8_t key_23[] = {0x4C, 0x97, 0x3D, 0xBC, 0x73, 0x64, 0x62, 0x16, 0x74, - 0xF8, 0xB5, 0xB8, 0x9E, 0x5C, 0x15, 0x51, 0x1F, 0xCE, - 0xD9, 0x21, 0x64, 0x90, 0xFB, 0x1C, 0x1A, 0x2C, 0xAA, - 0xF, 0xFE, 0x4, 0x7, 0xE5, 0x4E, 0x95, 0x3F, 0xBE, - 0x71, 0x66, 0x60, 0x14, 0x76, 0xFA, 0xB7, 0xBA}; - uint8_t plaintext_23[] = { - 0x8, 0x0, 0xF, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x0, 0x8}; - uint8_t ciphertext_23[] = { - 0xB4, 0x4D, 0x7, 0x20, 0x11, 0xCD, 0x36, 0xD2, 0x72, 0xA9, 0xB7, 0xA9, - 0x8D, 0xB9, 0xAA, 0x90, 0xCB, 0xC5, 0xC6, 0x7B, 0x93, 0xDD, 0xCE, 0x67, - 0xC8, 0x54, 0x50, 0x32, 0x14, 0xE2, 0xE8, 0x96, 0xEC, 0x7E, 0x9D, 0xB6, - 0x49, 0xED, 0x4B, 0xCF, 0x6F, 0x85, 0xA, 0xAC, 0x2, 0x23, 0xD0, 0xCF, - 0x92, 0xC8, 0x3D, 0xB8, 0x7, 0x95, 0xC3, 0xA1, 0x7E, 0xCC, 0x12, 0x48, - 0xBB, 0x0, 0x59, 0x17, 0x12, 0xB1, 0xAE, 0x71, 0xE2, 0x68, 0x16, 0x41, - 0x96, 0x25, 0x21, 0x62, 0x81, 0xB, 0x0}; - vec = {nonce_23, aad_23, key_23, plaintext_23, ciphertext_23, - 12, 20, 44, 63, 79}; - gsec_test_verify_crypter_on_test_vector(&vec, /*rekey=*/true); -} - -static void gsec_test_do_vector_tests_nist() { - /** - * From: - * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/ - * gcm-revised-spec.pdf - */ - - /* Test vector 1 */ - gsec_aead_test_vector* test_vector_1; - const uint8_t test_vector_1_key[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_1_nonce[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_1_aad[1] = {}; - const uint8_t test_vector_1_plaintext[1] = {}; - const uint8_t test_vector_1_ciphertext_and_tag[] = { - 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, - 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a}; - gsec_aead_malloc_test_vector( - &test_vector_1, test_vector_1_key, - sizeof(test_vector_1_key) / sizeof(uint8_t), test_vector_1_nonce, - sizeof(test_vector_1_nonce) / sizeof(uint8_t), test_vector_1_aad, 0, - test_vector_1_plaintext, 0, test_vector_1_ciphertext_and_tag, - sizeof(test_vector_1_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_1); - gsec_aead_free_test_vector(test_vector_1); - - /* Test vector 2 */ - gsec_aead_test_vector* test_vector_2; - const uint8_t test_vector_2_key[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_2_nonce[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_2_aad[1] = {}; - const uint8_t test_vector_2_plaintext[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00}; - const uint8_t test_vector_2_ciphertext_and_tag[] = { - 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, 0xf3, 0x28, 0xc2, - 0xb9, 0x71, 0xb2, 0xfe, 0x78, 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, - 0x13, 0xbd, 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf}; - gsec_aead_malloc_test_vector( - &test_vector_2, test_vector_2_key, - sizeof(test_vector_2_key) / sizeof(uint8_t), test_vector_2_nonce, - sizeof(test_vector_2_nonce) / sizeof(uint8_t), test_vector_2_aad, 0, - test_vector_2_plaintext, - sizeof(test_vector_2_plaintext) / sizeof(uint8_t), - test_vector_2_ciphertext_and_tag, - sizeof(test_vector_2_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_2); - gsec_aead_free_test_vector(test_vector_2); - - /* Test vector 3 */ - gsec_aead_test_vector* test_vector_3; - const uint8_t test_vector_3_key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, - 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, - 0x67, 0x30, 0x83, 0x08}; - const uint8_t test_vector_3_nonce[] = {0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, - 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88}; - const uint8_t test_vector_3_aad[1] = {}; - const uint8_t test_vector_3_plaintext[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, - 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, - 0xf7, 0xda, 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, - 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, - 0x49, 0xa6, 0xb5, 0x25, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, - 0x57, 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55}; - const uint8_t test_vector_3_ciphertext_and_tag[] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 0x4b, 0x72, 0x21, 0xb7, - 0x84, 0xd0, 0xd4, 0x9c, 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, - 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 0x21, 0xd5, 0x14, 0xb2, - 0x54, 0x66, 0x93, 0x1c, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, - 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x3d, 0x58, 0xe0, 0x91, - 0x47, 0x3f, 0x59, 0x85, 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, - 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4}; - gsec_aead_malloc_test_vector( - &test_vector_3, test_vector_3_key, - sizeof(test_vector_3_key) / sizeof(uint8_t), test_vector_3_nonce, - sizeof(test_vector_3_nonce) / sizeof(uint8_t), test_vector_3_aad, 0, - test_vector_3_plaintext, - sizeof(test_vector_3_plaintext) / sizeof(uint8_t), - test_vector_3_ciphertext_and_tag, - sizeof(test_vector_3_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_3); - gsec_aead_free_test_vector(test_vector_3); - - /* Test vector 4 */ - gsec_aead_test_vector* test_vector_4; - const uint8_t test_vector_4_key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, - 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, - 0x67, 0x30, 0x83, 0x08}; - const uint8_t test_vector_4_nonce[] = {0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, - 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88}; - const uint8_t test_vector_4_aad[] = {0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, - 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, - 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2}; - const uint8_t test_vector_4_plaintext[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, - 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, - 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39}; - const uint8_t test_vector_4_ciphertext_and_tag[] = { - 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 0x4b, 0x72, 0x21, - 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, - 0xa4, 0xe0, 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 0x21, - 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x7d, 0x8f, 0x6a, 0x5a, - 0xac, 0x84, 0xaa, 0x05, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, - 0x97, 0x3d, 0x58, 0xe0, 0x91, 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, - 0xa5, 0xdb, 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47}; - gsec_aead_malloc_test_vector( - &test_vector_4, test_vector_4_key, - sizeof(test_vector_4_key) / sizeof(uint8_t), test_vector_4_nonce, - sizeof(test_vector_4_nonce) / sizeof(uint8_t), test_vector_4_aad, - sizeof(test_vector_4_aad) / sizeof(uint8_t), test_vector_4_plaintext, - sizeof(test_vector_4_plaintext) / sizeof(uint8_t), - test_vector_4_ciphertext_and_tag, - sizeof(test_vector_4_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_4); - gsec_aead_free_test_vector(test_vector_4); -} - -static void gsec_test_do_vector_tests_ieee() { - /** - * From: - * http://www.ieee802.org/1/files/public/docs2011/ - * bn-randall-test-vectors-0511-v1.pdf - */ - - /* 2.1.1 54-byte auth */ - gsec_aead_test_vector* test_vector_5; - const uint8_t test_vector_5_key[] = {0xad, 0x7a, 0x2b, 0xd0, 0x3e, 0xac, - 0x83, 0x5a, 0x6f, 0x62, 0x0f, 0xdc, - 0xb5, 0x06, 0xb3, 0x45}; - const uint8_t test_vector_5_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, - 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65}; - const uint8_t test_vector_5_aad[] = { - 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, 0x99, 0x8d, - 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65, 0x12, 0x15, 0x35, 0x24, - 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, - 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x01}; - const uint8_t test_vector_5_plaintext[1] = {}; - const uint8_t test_vector_5_ciphertext_and_tag[] = { - 0xf0, 0x94, 0x78, 0xa9, 0xb0, 0x90, 0x07, 0xd0, - 0x6f, 0x46, 0xe9, 0xb6, 0xa1, 0xda, 0x25, 0xdd}; - gsec_aead_malloc_test_vector( - &test_vector_5, test_vector_5_key, - sizeof(test_vector_5_key) / sizeof(uint8_t), test_vector_5_nonce, - sizeof(test_vector_5_nonce) / sizeof(uint8_t), test_vector_5_aad, - sizeof(test_vector_5_aad) / sizeof(uint8_t), test_vector_5_plaintext, 0, - test_vector_5_ciphertext_and_tag, - sizeof(test_vector_5_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_5); - gsec_aead_free_test_vector(test_vector_5); - - /* 2.1.2 54-byte auth */ - gsec_aead_test_vector* test_vector_6; - const uint8_t test_vector_6_key[] = { - 0xe3, 0xc0, 0x8a, 0x8f, 0x06, 0xc6, 0xe3, 0xad, 0x95, 0xa7, 0x05, - 0x57, 0xb2, 0x3f, 0x75, 0x48, 0x3c, 0xe3, 0x30, 0x21, 0xa9, 0xc7, - 0x2b, 0x70, 0x25, 0x66, 0x62, 0x04, 0xc6, 0x9c, 0x0b, 0x72}; - - const uint8_t test_vector_6_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, - 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65}; - const uint8_t test_vector_6_aad[] = { - 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, 0x99, 0x8d, - 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65, 0x12, 0x15, 0x35, 0x24, - 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, - 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x01}; - const uint8_t test_vector_6_plaintext[1] = {}; - const uint8_t test_vector_6_ciphertext_and_tag[] = { - 0x2f, 0x0b, 0xc5, 0xaf, 0x40, 0x9e, 0x06, 0xd6, - 0x09, 0xea, 0x8b, 0x7d, 0x0f, 0xa5, 0xea, 0x50}; - gsec_aead_malloc_test_vector( - &test_vector_6, test_vector_6_key, - sizeof(test_vector_6_key) / sizeof(uint8_t), test_vector_6_nonce, - sizeof(test_vector_6_nonce) / sizeof(uint8_t), test_vector_6_aad, - sizeof(test_vector_6_aad) / sizeof(uint8_t), test_vector_6_plaintext, 0, - test_vector_6_ciphertext_and_tag, - sizeof(test_vector_6_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_6); - gsec_aead_free_test_vector(test_vector_6); - - /* 2.2.1 60-byte crypt */ - gsec_aead_test_vector* test_vector_7; - const uint8_t test_vector_7_key[] = {0xad, 0x7a, 0x2b, 0xd0, 0x3e, 0xac, - 0x83, 0x5a, 0x6f, 0x62, 0x0f, 0xdc, - 0xb5, 0x06, 0xb3, 0x45}; - - const uint8_t test_vector_7_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, - 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65}; - const uint8_t test_vector_7_aad[] = { - 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, - 0x99, 0x8d, 0x88, 0xe5, 0x2e, 0x00, 0xb2, 0xc2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81}; - const uint8_t test_vector_7_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x02}; - const uint8_t test_vector_7_ciphertext_and_tag[] = { - 0x70, 0x1a, 0xfa, 0x1c, 0xc0, 0x39, 0xc0, 0xd7, 0x65, 0x12, 0x8a, - 0x66, 0x5d, 0xab, 0x69, 0x24, 0x38, 0x99, 0xbf, 0x73, 0x18, 0xcc, - 0xdc, 0x81, 0xc9, 0x93, 0x1d, 0xa1, 0x7f, 0xbe, 0x8e, 0xdd, 0x7d, - 0x17, 0xcb, 0x8b, 0x4c, 0x26, 0xfc, 0x81, 0xe3, 0x28, 0x4f, 0x2b, - 0x7f, 0xba, 0x71, 0x3d, 0x4f, 0x8d, 0x55, 0xe7, 0xd3, 0xf0, 0x6f, - 0xd5, 0xa1, 0x3c, 0x0c, 0x29, 0xb9, 0xd5, 0xb8, 0x80}; - gsec_aead_malloc_test_vector( - &test_vector_7, test_vector_7_key, - sizeof(test_vector_7_key) / sizeof(uint8_t), test_vector_7_nonce, - sizeof(test_vector_7_nonce) / sizeof(uint8_t), test_vector_7_aad, - sizeof(test_vector_7_aad) / sizeof(uint8_t), test_vector_7_plaintext, - sizeof(test_vector_7_plaintext) / sizeof(uint8_t), - test_vector_7_ciphertext_and_tag, - sizeof(test_vector_7_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_7); - gsec_aead_free_test_vector(test_vector_7); - - /* 2.2.2 60-byte crypt */ - gsec_aead_test_vector* test_vector_8; - const uint8_t test_vector_8_key[] = { - 0xe3, 0xc0, 0x8a, 0x8f, 0x06, 0xc6, 0xe3, 0xad, 0x95, 0xa7, 0x05, - 0x57, 0xb2, 0x3f, 0x75, 0x48, 0x3c, 0xe3, 0x30, 0x21, 0xa9, 0xc7, - 0x2b, 0x70, 0x25, 0x66, 0x62, 0x04, 0xc6, 0x9c, 0x0b, 0x72}; - const uint8_t test_vector_8_nonce[] = {0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, - 0x5e, 0x81, 0xb2, 0xc2, 0x84, 0x65}; - const uint8_t test_vector_8_aad[] = { - 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, 0x46, 0xdf, - 0x99, 0x8d, 0x88, 0xe5, 0x2e, 0x00, 0xb2, 0xc2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81}; - const uint8_t test_vector_8_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, - 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x02}; - const uint8_t test_vector_8_ciphertext_and_tag[] = { - 0xe2, 0x00, 0x6e, 0xb4, 0x2f, 0x52, 0x77, 0x02, 0x2d, 0x9b, 0x19, - 0x92, 0x5b, 0xc4, 0x19, 0xd7, 0xa5, 0x92, 0x66, 0x6c, 0x92, 0x5f, - 0xe2, 0xef, 0x71, 0x8e, 0xb4, 0xe3, 0x08, 0xef, 0xea, 0xa7, 0xc5, - 0x27, 0x3b, 0x39, 0x41, 0x18, 0x86, 0x0a, 0x5b, 0xe2, 0xa9, 0x7f, - 0x56, 0xab, 0x78, 0x36, 0x5c, 0xa5, 0x97, 0xcd, 0xbb, 0x3e, 0xdb, - 0x8d, 0x1a, 0x11, 0x51, 0xea, 0x0a, 0xf7, 0xb4, 0x36}; - gsec_aead_malloc_test_vector( - &test_vector_8, test_vector_8_key, - sizeof(test_vector_8_key) / sizeof(uint8_t), test_vector_8_nonce, - sizeof(test_vector_8_nonce) / sizeof(uint8_t), test_vector_8_aad, - sizeof(test_vector_8_aad) / sizeof(uint8_t), test_vector_8_plaintext, - sizeof(test_vector_8_plaintext) / sizeof(uint8_t), - test_vector_8_ciphertext_and_tag, - sizeof(test_vector_8_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_8); - gsec_aead_free_test_vector(test_vector_8); - - /* 2.3.1 60-byte auth */ - gsec_aead_test_vector* test_vector_9; - const uint8_t test_vector_9_key[] = {0x07, 0x1b, 0x11, 0x3b, 0x0c, 0xa7, - 0x43, 0xfe, 0xcc, 0xcf, 0x3d, 0x05, - 0x1f, 0x73, 0x73, 0x82}; - const uint8_t test_vector_9_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_9_aad[] = { - 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x88, 0xe5, 0x40, 0x00, 0x76, 0xd4, 0x57, 0xed, 0x08, 0x00, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, - 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x03}; - const uint8_t test_vector_9_plaintext[1] = {}; - const uint8_t test_vector_9_ciphertext_and_tag[] = { - 0x0c, 0x01, 0x7b, 0xc7, 0x3b, 0x22, 0x7d, 0xfc, - 0xc9, 0xba, 0xfa, 0x1c, 0x41, 0xac, 0xc3, 0x53}; - gsec_aead_malloc_test_vector( - &test_vector_9, test_vector_9_key, - sizeof(test_vector_9_key) / sizeof(uint8_t), test_vector_9_nonce, - sizeof(test_vector_9_nonce) / sizeof(uint8_t), test_vector_9_aad, - sizeof(test_vector_9_aad) / sizeof(uint8_t), test_vector_9_plaintext, 0, - test_vector_9_ciphertext_and_tag, - sizeof(test_vector_9_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_9); - gsec_aead_free_test_vector(test_vector_9); - - /* 2.3.2 60-byte auth */ - gsec_aead_test_vector* test_vector_10; - const uint8_t test_vector_10_key[] = { - 0x69, 0x1d, 0x3e, 0xe9, 0x09, 0xd7, 0xf5, 0x41, 0x67, 0xfd, 0x1c, - 0xa0, 0xb5, 0xd7, 0x69, 0x08, 0x1f, 0x2b, 0xde, 0x1a, 0xee, 0x65, - 0x5f, 0xdb, 0xab, 0x80, 0xbd, 0x52, 0x95, 0xae, 0x6b, 0xe7}; - const uint8_t test_vector_10_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_10_aad[] = { - 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x88, 0xe5, 0x40, 0x00, 0x76, 0xd4, 0x57, 0xed, 0x08, 0x00, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, - 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x00, 0x03}; - const uint8_t test_vector_10_plaintext[1] = {}; - const uint8_t test_vector_10_ciphertext_and_tag[] = { - 0x35, 0x21, 0x7c, 0x77, 0x4b, 0xbc, 0x31, 0xb6, - 0x31, 0x66, 0xbc, 0xf9, 0xd4, 0xab, 0xed, 0x07}; - gsec_aead_malloc_test_vector( - &test_vector_10, test_vector_10_key, - sizeof(test_vector_10_key) / sizeof(uint8_t), test_vector_10_nonce, - sizeof(test_vector_10_nonce) / sizeof(uint8_t), test_vector_10_aad, - sizeof(test_vector_10_aad) / sizeof(uint8_t), test_vector_10_plaintext, 0, - test_vector_10_ciphertext_and_tag, - sizeof(test_vector_10_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_10); - gsec_aead_free_test_vector(test_vector_10); - - /* 2.4.1 54-byte crypt */ - gsec_aead_test_vector* test_vector_11; - const uint8_t test_vector_11_key[] = {0x07, 0x1b, 0x11, 0x3b, 0x0c, 0xa7, - 0x43, 0xfe, 0xcc, 0xcf, 0x3d, 0x05, - 0x1f, 0x73, 0x73, 0x82}; - const uint8_t test_vector_11_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_11_aad[] = { - 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, - 0xcd, 0x3d, 0x88, 0xe5, 0x4c, 0x2a, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_11_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, - 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x04}; - const uint8_t test_vector_11_ciphertext_and_tag[] = { - 0x13, 0xb4, 0xc7, 0x2b, 0x38, 0x9d, 0xc5, 0x01, 0x8e, 0x72, 0xa1, 0x71, - 0xdd, 0x85, 0xa5, 0xd3, 0x75, 0x22, 0x74, 0xd3, 0xa0, 0x19, 0xfb, 0xca, - 0xed, 0x09, 0xa4, 0x25, 0xcd, 0x9b, 0x2e, 0x1c, 0x9b, 0x72, 0xee, 0xe7, - 0xc9, 0xde, 0x7d, 0x52, 0xb3, 0xf3, 0xd6, 0xa5, 0x28, 0x4f, 0x4a, 0x6d, - 0x3f, 0xe2, 0x2a, 0x5d, 0x6c, 0x2b, 0x96, 0x04, 0x94, 0xc3}; - gsec_aead_malloc_test_vector( - &test_vector_11, test_vector_11_key, - sizeof(test_vector_11_key) / sizeof(uint8_t), test_vector_11_nonce, - sizeof(test_vector_11_nonce) / sizeof(uint8_t), test_vector_11_aad, - sizeof(test_vector_11_aad) / sizeof(uint8_t), test_vector_11_plaintext, - sizeof(test_vector_11_plaintext) / sizeof(uint8_t), - test_vector_11_ciphertext_and_tag, - sizeof(test_vector_11_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_11); - gsec_aead_free_test_vector(test_vector_11); - - /* 2.4.2 54-byte crypt */ - gsec_aead_test_vector* test_vector_12; - const uint8_t test_vector_12_key[] = { - 0x69, 0x1d, 0x3e, 0xe9, 0x09, 0xd7, 0xf5, 0x41, 0x67, 0xfd, 0x1c, - 0xa0, 0xb5, 0xd7, 0x69, 0x08, 0x1f, 0x2b, 0xde, 0x1a, 0xee, 0x65, - 0x5f, 0xdb, 0xab, 0x80, 0xbd, 0x52, 0x95, 0xae, 0x6b, 0xe7}; - const uint8_t test_vector_12_nonce[] = {0xf0, 0x76, 0x1e, 0x8d, 0xcd, 0x3d, - 0x00, 0x01, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_12_aad[] = { - 0xe2, 0x01, 0x06, 0xd7, 0xcd, 0x0d, 0xf0, 0x76, 0x1e, 0x8d, - 0xcd, 0x3d, 0x88, 0xe5, 0x4c, 0x2a, 0x76, 0xd4, 0x57, 0xed}; - const uint8_t test_vector_12_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, - 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x00, 0x04}; - const uint8_t test_vector_12_ciphertext_and_tag[] = { - 0xc1, 0x62, 0x3f, 0x55, 0x73, 0x0c, 0x93, 0x53, 0x30, 0x97, 0xad, 0xda, - 0xd2, 0x56, 0x64, 0x96, 0x61, 0x25, 0x35, 0x2b, 0x43, 0xad, 0xac, 0xbd, - 0x61, 0xc5, 0xef, 0x3a, 0xc9, 0x0b, 0x5b, 0xee, 0x92, 0x9c, 0xe4, 0x63, - 0x0e, 0xa7, 0x9f, 0x6c, 0xe5, 0x19, 0x12, 0xaf, 0x39, 0xc2, 0xd1, 0xfd, - 0xc2, 0x05, 0x1f, 0x8b, 0x7b, 0x3c, 0x9d, 0x39, 0x7e, 0xf2}; - gsec_aead_malloc_test_vector( - &test_vector_12, test_vector_12_key, - sizeof(test_vector_12_key) / sizeof(uint8_t), test_vector_12_nonce, - sizeof(test_vector_12_nonce) / sizeof(uint8_t), test_vector_12_aad, - sizeof(test_vector_12_aad) / sizeof(uint8_t), test_vector_12_plaintext, - sizeof(test_vector_12_plaintext) / sizeof(uint8_t), - test_vector_12_ciphertext_and_tag, - sizeof(test_vector_12_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_12); - gsec_aead_free_test_vector(test_vector_12); - - /* 2.5.1 65-byte auth */ - gsec_aead_test_vector* test_vector_13; - const uint8_t test_vector_13_key[] = {0x01, 0x3f, 0xe0, 0x0b, 0x5f, 0x11, - 0xbe, 0x7f, 0x86, 0x6d, 0x0c, 0xbb, - 0xc5, 0x5a, 0x7a, 0x90}; - const uint8_t test_vector_13_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, - 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12}; - const uint8_t test_vector_13_aad[] = { - 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, 0x72, 0x77, - 0x88, 0xe5, 0x23, 0x00, 0x89, 0x32, 0xd6, 0x12, 0x7c, 0xfd, 0xe9, 0xf9, - 0xe3, 0x37, 0x24, 0xc6, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, - 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x00, 0x05}; - const uint8_t test_vector_13_plaintext[1] = {}; - const uint8_t test_vector_13_ciphertext_and_tag[] = { - 0x21, 0x78, 0x67, 0xe5, 0x0c, 0x2d, 0xad, 0x74, - 0xc2, 0x8c, 0x3b, 0x50, 0xab, 0xdf, 0x69, 0x5a}; - gsec_aead_malloc_test_vector( - &test_vector_13, test_vector_13_key, - sizeof(test_vector_13_key) / sizeof(uint8_t), test_vector_13_nonce, - sizeof(test_vector_13_nonce) / sizeof(uint8_t), test_vector_13_aad, - sizeof(test_vector_13_aad) / sizeof(uint8_t), test_vector_13_plaintext, 0, - test_vector_13_ciphertext_and_tag, - sizeof(test_vector_13_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_13); - gsec_aead_free_test_vector(test_vector_13); - - /* 2.5.2 65-byte auth */ - gsec_aead_test_vector* test_vector_14; - const uint8_t test_vector_14_key[] = { - 0x83, 0xc0, 0x93, 0xb5, 0x8d, 0xe7, 0xff, 0xe1, 0xc0, 0xda, 0x92, - 0x6a, 0xc4, 0x3f, 0xb3, 0x60, 0x9a, 0xc1, 0xc8, 0x0f, 0xee, 0x1b, - 0x62, 0x44, 0x97, 0xef, 0x94, 0x2e, 0x2f, 0x79, 0xa8, 0x23}; - const uint8_t test_vector_14_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, - 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12}; - const uint8_t test_vector_14_aad[] = { - 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, 0x72, 0x77, - 0x88, 0xe5, 0x23, 0x00, 0x89, 0x32, 0xd6, 0x12, 0x7c, 0xfd, 0xe9, 0xf9, - 0xe3, 0x37, 0x24, 0xc6, 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, - 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x00, 0x05}; - const uint8_t test_vector_14_plaintext[1] = {}; - const uint8_t test_vector_14_ciphertext_and_tag[] = { - 0x6e, 0xe1, 0x60, 0xe8, 0xfa, 0xec, 0xa4, 0xb3, - 0x6c, 0x86, 0xb2, 0x34, 0x92, 0x0c, 0xa9, 0x75}; - gsec_aead_malloc_test_vector( - &test_vector_14, test_vector_14_key, - sizeof(test_vector_14_key) / sizeof(uint8_t), test_vector_14_nonce, - sizeof(test_vector_14_nonce) / sizeof(uint8_t), test_vector_14_aad, - sizeof(test_vector_14_aad) / sizeof(uint8_t), test_vector_14_plaintext, 0, - test_vector_14_ciphertext_and_tag, - sizeof(test_vector_14_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_14); - gsec_aead_free_test_vector(test_vector_14); - - /* 2.6.1 61-byte crypt */ - gsec_aead_test_vector* test_vector_15; - const uint8_t test_vector_15_key[] = {0x01, 0x3f, 0xe0, 0x0b, 0x5f, 0x11, - 0xbe, 0x7f, 0x86, 0x6d, 0x0c, 0xbb, - 0xc5, 0x5a, 0x7a, 0x90}; - const uint8_t test_vector_15_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, - 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12}; - const uint8_t test_vector_15_aad[] = { - 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, - 0x72, 0x77, 0x88, 0xe5, 0x2f, 0x00, 0x89, 0x32, 0xd6, 0x12, - 0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, 0x24, 0xc6}; - const uint8_t test_vector_15_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, - 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x00, 0x06}; - const uint8_t test_vector_15_ciphertext_and_tag[] = { - 0x3a, 0x4d, 0xe6, 0xfa, 0x32, 0x19, 0x10, 0x14, 0xdb, 0xb3, 0x03, - 0xd9, 0x2e, 0xe3, 0xa9, 0xe8, 0xa1, 0xb5, 0x99, 0xc1, 0x4d, 0x22, - 0xfb, 0x08, 0x00, 0x96, 0xe1, 0x38, 0x11, 0x81, 0x6a, 0x3c, 0x9c, - 0x9b, 0xcf, 0x7c, 0x1b, 0x9b, 0x96, 0xda, 0x80, 0x92, 0x04, 0xe2, - 0x9d, 0x0e, 0x2a, 0x76, 0x42, 0xbf, 0xd3, 0x10, 0xa4, 0x83, 0x7c, - 0x81, 0x6c, 0xcf, 0xa5, 0xac, 0x23, 0xab, 0x00, 0x39, 0x88}; - gsec_aead_malloc_test_vector( - &test_vector_15, test_vector_15_key, - sizeof(test_vector_15_key) / sizeof(uint8_t), test_vector_15_nonce, - sizeof(test_vector_15_nonce) / sizeof(uint8_t), test_vector_15_aad, - sizeof(test_vector_15_aad) / sizeof(uint8_t), test_vector_15_plaintext, - sizeof(test_vector_15_plaintext) / sizeof(uint8_t), - test_vector_15_ciphertext_and_tag, - sizeof(test_vector_15_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_15); - gsec_aead_free_test_vector(test_vector_15); - - /* 2.6.2 61-byte crypt */ - gsec_aead_test_vector* test_vector_16; - const uint8_t test_vector_16_key[] = { - 0x83, 0xc0, 0x93, 0xb5, 0x8d, 0xe7, 0xff, 0xe1, 0xc0, 0xda, 0x92, - 0x6a, 0xc4, 0x3f, 0xb3, 0x60, 0x9a, 0xc1, 0xc8, 0x0f, 0xee, 0x1b, - 0x62, 0x44, 0x97, 0xef, 0x94, 0x2e, 0x2f, 0x79, 0xa8, 0x23}; - const uint8_t test_vector_16_nonce[] = {0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, - 0x24, 0xc6, 0x89, 0x32, 0xd6, 0x12}; - const uint8_t test_vector_16_aad[] = { - 0x84, 0xc5, 0xd5, 0x13, 0xd2, 0xaa, 0xf6, 0xe5, 0xbb, 0xd2, - 0x72, 0x77, 0x88, 0xe5, 0x2f, 0x00, 0x89, 0x32, 0xd6, 0x12, - 0x7c, 0xfd, 0xe9, 0xf9, 0xe3, 0x37, 0x24, 0xc6}; - const uint8_t test_vector_16_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, - 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x00, 0x06}; - const uint8_t test_vector_16_ciphertext_and_tag[] = { - 0x11, 0x02, 0x22, 0xff, 0x80, 0x50, 0xcb, 0xec, 0xe6, 0x6a, 0x81, - 0x3a, 0xd0, 0x9a, 0x73, 0xed, 0x7a, 0x9a, 0x08, 0x9c, 0x10, 0x6b, - 0x95, 0x93, 0x89, 0x16, 0x8e, 0xd6, 0xe8, 0x69, 0x8e, 0xa9, 0x02, - 0xeb, 0x12, 0x77, 0xdb, 0xec, 0x2e, 0x68, 0xe4, 0x73, 0x15, 0x5a, - 0x15, 0xa7, 0xda, 0xee, 0xd4, 0xa1, 0x0f, 0x4e, 0x05, 0x13, 0x9c, - 0x23, 0xdf, 0x00, 0xb3, 0xaa, 0xdc, 0x71, 0xf0, 0x59, 0x6a}; - gsec_aead_malloc_test_vector( - &test_vector_16, test_vector_16_key, - sizeof(test_vector_16_key) / sizeof(uint8_t), test_vector_16_nonce, - sizeof(test_vector_16_nonce) / sizeof(uint8_t), test_vector_16_aad, - sizeof(test_vector_16_aad) / sizeof(uint8_t), test_vector_16_plaintext, - sizeof(test_vector_16_plaintext) / sizeof(uint8_t), - test_vector_16_ciphertext_and_tag, - sizeof(test_vector_16_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_16); - gsec_aead_free_test_vector(test_vector_16); - - /* 2.7.1 79-byte crypt */ - gsec_aead_test_vector* test_vector_17; - const uint8_t test_vector_17_key[] = {0x88, 0xee, 0x08, 0x7f, 0xd9, 0x5d, - 0xa9, 0xfb, 0xf6, 0x72, 0x5a, 0xa9, - 0xd7, 0x57, 0xb0, 0xcd}; - const uint8_t test_vector_17_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5, - 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_17_aad[] = { - 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, 0x4e, - 0xc5, 0x88, 0xe5, 0x41, 0x00, 0x2e, 0x58, 0x49, 0x5c, 0x08, 0x00, - 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, - 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x00, 0x07}; - const uint8_t test_vector_17_plaintext[1] = {}; - const uint8_t test_vector_17_ciphertext_and_tag[] = { - 0x07, 0x92, 0x2b, 0x8e, 0xbc, 0xf1, 0x0b, 0xb2, - 0x29, 0x75, 0x88, 0xca, 0x4c, 0x61, 0x45, 0x23}; - gsec_aead_malloc_test_vector( - &test_vector_17, test_vector_17_key, - sizeof(test_vector_17_key) / sizeof(uint8_t), test_vector_17_nonce, - sizeof(test_vector_17_nonce) / sizeof(uint8_t), test_vector_17_aad, - sizeof(test_vector_17_aad) / sizeof(uint8_t), test_vector_17_plaintext, 0, - test_vector_17_ciphertext_and_tag, - sizeof(test_vector_17_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_17); - gsec_aead_free_test_vector(test_vector_17); - - /* 2.7.2 79-byte crypt */ - gsec_aead_test_vector* test_vector_18; - const uint8_t test_vector_18_key[] = { - 0x4c, 0x97, 0x3d, 0xbc, 0x73, 0x64, 0x62, 0x16, 0x74, 0xf8, 0xb5, - 0xb8, 0x9e, 0x5c, 0x15, 0x51, 0x1f, 0xce, 0xd9, 0x21, 0x64, 0x90, - 0xfb, 0x1c, 0x1a, 0x2c, 0xaa, 0x0f, 0xfe, 0x04, 0x07, 0xe5}; - const uint8_t test_vector_18_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5, - 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_18_aad[] = { - 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, 0x4e, - 0xc5, 0x88, 0xe5, 0x41, 0x00, 0x2e, 0x58, 0x49, 0x5c, 0x08, 0x00, - 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, - 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, - 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, - 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x00, 0x07}; - const uint8_t test_vector_18_plaintext[1] = {}; - const uint8_t test_vector_18_ciphertext_and_tag[] = { - 0x00, 0xbd, 0xa1, 0xb7, 0xe8, 0x76, 0x08, 0xbc, - 0xbf, 0x47, 0x0f, 0x12, 0x15, 0x7f, 0x4c, 0x07}; - gsec_aead_malloc_test_vector( - &test_vector_18, test_vector_18_key, - sizeof(test_vector_18_key) / sizeof(uint8_t), test_vector_18_nonce, - sizeof(test_vector_18_nonce) / sizeof(uint8_t), test_vector_18_aad, - sizeof(test_vector_18_aad) / sizeof(uint8_t), test_vector_18_plaintext, 0, - test_vector_18_ciphertext_and_tag, - sizeof(test_vector_18_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_18); - gsec_aead_free_test_vector(test_vector_18); - - /* 2.8.1 61-byte crypt */ - gsec_aead_test_vector* test_vector_19; - const uint8_t test_vector_19_key[] = {0x88, 0xee, 0x08, 0x7f, 0xd9, 0x5d, - 0xa9, 0xfb, 0xf6, 0x72, 0x5a, 0xa9, - 0xd7, 0x57, 0xb0, 0xcd}; - const uint8_t test_vector_19_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5, - 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_19_aad[] = { - 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, - 0x4e, 0xc5, 0x88, 0xe5, 0x4d, 0x00, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_19_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, - 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08}; - const uint8_t test_vector_19_ciphertext_and_tag[] = { - 0xc3, 0x1f, 0x53, 0xd9, 0x9e, 0x56, 0x87, 0xf7, 0x36, 0x51, 0x19, 0xb8, - 0x32, 0xd2, 0xaa, 0xe7, 0x07, 0x41, 0xd5, 0x93, 0xf1, 0xf9, 0xe2, 0xab, - 0x34, 0x55, 0x77, 0x9b, 0x07, 0x8e, 0xb8, 0xfe, 0xac, 0xdf, 0xec, 0x1f, - 0x8e, 0x3e, 0x52, 0x77, 0xf8, 0x18, 0x0b, 0x43, 0x36, 0x1f, 0x65, 0x12, - 0xad, 0xb1, 0x6d, 0x2e, 0x38, 0x54, 0x8a, 0x2c, 0x71, 0x9d, 0xba, 0x72, - 0x28, 0xd8, 0x40, 0x88, 0xf8, 0x75, 0x7a, 0xdb, 0x8a, 0xa7, 0x88, 0xd8, - 0xf6, 0x5a, 0xd6, 0x68, 0xbe, 0x70, 0xe7}; - gsec_aead_malloc_test_vector( - &test_vector_19, test_vector_19_key, - sizeof(test_vector_19_key) / sizeof(uint8_t), test_vector_19_nonce, - sizeof(test_vector_19_nonce) / sizeof(uint8_t), test_vector_19_aad, - sizeof(test_vector_19_aad) / sizeof(uint8_t), test_vector_19_plaintext, - sizeof(test_vector_19_plaintext) / sizeof(uint8_t), - test_vector_19_ciphertext_and_tag, - sizeof(test_vector_19_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_19); - gsec_aead_free_test_vector(test_vector_19); - - /* 2.8.2 61-byte crypt */ - gsec_aead_test_vector* test_vector_20; - const uint8_t test_vector_20_key[] = { - 0x4c, 0x97, 0x3d, 0xbc, 0x73, 0x64, 0x62, 0x16, 0x74, 0xf8, 0xb5, - 0xb8, 0x9e, 0x5c, 0x15, 0x51, 0x1f, 0xce, 0xd9, 0x21, 0x64, 0x90, - 0xfb, 0x1c, 0x1a, 0x2c, 0xaa, 0x0f, 0xfe, 0x04, 0x07, 0xe5}; - const uint8_t test_vector_20_nonce[] = {0x7a, 0xe8, 0xe2, 0xca, 0x4e, 0xc5, - 0x00, 0x01, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_20_aad[] = { - 0x68, 0xf2, 0xe7, 0x76, 0x96, 0xce, 0x7a, 0xe8, 0xe2, 0xca, - 0x4e, 0xc5, 0x88, 0xe5, 0x4d, 0x00, 0x2e, 0x58, 0x49, 0x5c}; - const uint8_t test_vector_20_plaintext[] = { - 0x08, 0x00, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, - 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, - 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, - 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x00, 0x08}; - const uint8_t test_vector_20_ciphertext_and_tag[] = { - 0xba, 0x8a, 0xe3, 0x1b, 0xc5, 0x06, 0x48, 0x6d, 0x68, 0x73, 0xe4, 0xfc, - 0xe4, 0x60, 0xe7, 0xdc, 0x57, 0x59, 0x1f, 0xf0, 0x06, 0x11, 0xf3, 0x1c, - 0x38, 0x34, 0xfe, 0x1c, 0x04, 0xad, 0x80, 0xb6, 0x68, 0x03, 0xaf, 0xcf, - 0x5b, 0x27, 0xe6, 0x33, 0x3f, 0xa6, 0x7c, 0x99, 0xda, 0x47, 0xc2, 0xf0, - 0xce, 0xd6, 0x8d, 0x53, 0x1b, 0xd7, 0x41, 0xa9, 0x43, 0xcf, 0xf7, 0xa6, - 0x71, 0x3b, 0xd0, 0x26, 0x11, 0xcd, 0x7d, 0xaa, 0x01, 0xd6, 0x1c, 0x5c, - 0x88, 0x6d, 0xc1, 0xa8, 0x17, 0x01, 0x07}; - gsec_aead_malloc_test_vector( - &test_vector_20, test_vector_20_key, - sizeof(test_vector_20_key) / sizeof(uint8_t), test_vector_20_nonce, - sizeof(test_vector_20_nonce) / sizeof(uint8_t), test_vector_20_aad, - sizeof(test_vector_20_aad) / sizeof(uint8_t), test_vector_20_plaintext, - sizeof(test_vector_20_plaintext) / sizeof(uint8_t), - test_vector_20_ciphertext_and_tag, - sizeof(test_vector_20_ciphertext_and_tag) / sizeof(uint8_t)); - gsec_test_verify_crypter_on_test_vector(test_vector_20); - gsec_aead_free_test_vector(test_vector_20); -} - -int main(int argc, char** argv) { - grpc_init(); - gsec_test_do_generic_crypter_tests(); - gsec_test_do_vector_tests_nist(); - gsec_test_do_vector_tests_ieee(); - gsec_test_do_vector_tests_rekey_nist(); - gsec_test_do_vector_tests_rekey_ieee(); - grpc_shutdown(); - return 0; -} diff --git a/test/core/tsi/alts/crypt/gsec_test_util.cc b/test/core/tsi/alts/crypt/gsec_test_util.cc deleted file mode 100644 index 992c91e6bc..0000000000 --- a/test/core/tsi/alts/crypt/gsec_test_util.cc +++ /dev/null @@ -1,87 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -#include - -void gsec_test_random_bytes(uint8_t* bytes, size_t length) { - if (!RAND_bytes(bytes, static_cast(length))) { - fprintf(stderr, - "Random bytes generation failed in gsec_test_random_bytes()."); - abort(); - } -} - -void gsec_test_random_array(uint8_t** bytes, size_t length) { - if (bytes != nullptr) { - *bytes = static_cast(gpr_malloc(length)); - gsec_test_random_bytes(*bytes, length); - } else { - fprintf(stderr, "bytes buffer is nullptr in gsec_test_random_array()."); - abort(); - } -} - -uint32_t gsec_test_bias_random_uint32(uint32_t max_length) { - uint32_t value; - gsec_test_random_bytes((uint8_t*)(&value), sizeof(value)); - return value % max_length; -} - -void gsec_test_copy(const uint8_t* src, uint8_t** des, size_t source_len) { - if (src != nullptr && des != nullptr) { - *des = static_cast(gpr_malloc(source_len)); - memcpy(*des, src, source_len); - } else { - fprintf(stderr, "Either src or des buffer is nullptr in gsec_test_copy()."); - abort(); - } -} - -void gsec_test_copy_and_alter_random_byte(const uint8_t* src, uint8_t** des, - size_t source_len) { - if (src != nullptr && des != nullptr) { - *des = static_cast(gpr_malloc(source_len)); - memcpy(*des, src, source_len); - uint32_t offset; - offset = gsec_test_bias_random_uint32(static_cast(source_len)); - (*(*des + offset))++; - } else { - fprintf(stderr, - "Either src or des is nullptr in " - "gsec_test_copy_and_alter_random_byte()."); - abort(); - } -} - -int gsec_test_expect_compare_code_and_substr(grpc_status_code status1, - grpc_status_code status2, - const char* msg1, - const char* msg2) { - int failure = 1; - if (status1 != status2) { - fprintf(stderr, "Status %d does not equal %d.\n", status1, status2); - failure = 0; - } - if (strstr(msg1, msg2) == nullptr) { - fprintf(stderr, "Status message <%s> does not contain <%s>.\n", msg1, msg2); - failure = 0; - } - return failure; -} diff --git a/test/core/tsi/alts/crypt/gsec_test_util.h b/test/core/tsi/alts/crypt/gsec_test_util.h deleted file mode 100644 index 206ae2fda8..0000000000 --- a/test/core/tsi/alts/crypt/gsec_test_util.h +++ /dev/null @@ -1,91 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_ -#define GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_ - -#include -#include -#include -#include - -#include - -#include - -/** - * This method returns random bytes of certain length. - * - * - bytes: buffer to hold random bytes. - * - length: length of buffer to be populated. - */ -void gsec_test_random_bytes(uint8_t* bytes, size_t length); - -/** - * This method returns an array of random bytes. - * - * - bytes: array to hold random bytes. - * - length: length of array to be populated. - */ -void gsec_test_random_array(uint8_t** bytes, size_t length); - -/** - * This method returns a uint32 that's not quite uniformly random, but good - * enough for tests. - * - * - max_length: a max value the returned random number can choose. - */ -uint32_t gsec_test_bias_random_uint32(uint32_t max_length); - -/** - * This method copies data from a source to a destination buffer. - * - * - src: a source buffer. - * - des: a destination buffer. - * - length: the length of source buffer to be copied from its beginning. - */ -void gsec_test_copy(const uint8_t* src, uint8_t** des, size_t length); - -/** - * This method copies data from a source to a destination buffer, and flips one - * byte in the destination buffer randomly. - * - * - src: a source buffer. - * - des: a destination buffer. - * - length: the length of source buffer to be copied from its beginning. - */ -void gsec_test_copy_and_alter_random_byte(const uint8_t* src, uint8_t** des, - size_t source_len); - -/** - * This method compares two grpc_status_code values, and verifies if one string - * is a substring of the other. - * - * - status1: the first grpc_status_code to be compared. - * - status2: the second grpc_status_code to be compared. - * - msg1: a string to be scanned. - * - msg2: a small string to be searched within msg1. - * - * If both checks succeed, the method returns 1 and otherwise, it returns 0. - */ -int gsec_test_expect_compare_code_and_substr(grpc_status_code status1, - grpc_status_code status2, - const char* msg1, - const char* msg2); - -#endif // GRPC_TEST_CORE_TSI_ALTS_CRYPT_GSEC_TEST_UTIL_H_ */ diff --git a/test/core/tsi/alts/frame_protector/BUILD b/test/core/tsi/alts/frame_protector/BUILD deleted file mode 100644 index 8bbc8c6e5e..0000000000 --- a/test/core/tsi/alts/frame_protector/BUILD +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2018 gRPC authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package") - -licenses(["notice"]) # Apache v2 - -grpc_package(name = "frame_protector") - -grpc_cc_test( - name = "alts_counter_test", - srcs = ["alts_counter_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) - -grpc_cc_test( - name = "alts_crypter_test", - srcs = ["alts_crypter_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) - -grpc_cc_test( - name = "alts_frame_protector_test", - srcs = ["alts_frame_protector_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - "//test/core/tsi:transport_security_test_lib", - ], -) - -grpc_cc_test( - name = "frame_handler_test", - srcs = ["frame_handler_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) diff --git a/test/core/tsi/alts/frame_protector/alts_counter_test.cc b/test/core/tsi/alts/frame_protector/alts_counter_test.cc deleted file mode 100644 index 49ff82108b..0000000000 --- a/test/core/tsi/alts/frame_protector/alts_counter_test.cc +++ /dev/null @@ -1,180 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include - -#include "src/core/tsi/alts/frame_protector/alts_counter.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -const size_t kSmallCounterSize = 4; -const size_t kSmallOverflowSize = 1; -const size_t kGcmCounterSize = 12; -const size_t kGcmOverflowSize = 5; - -static bool do_bytes_represent_client(alts_counter* ctr, unsigned char* counter, - size_t size) { - return (ctr->counter[size - 1] & 0x80) == 0x80; -} - -static void alts_counter_test_input_sanity_check(size_t counter_size, - size_t overflow_size) { - alts_counter* ctr = nullptr; - char* error_details = nullptr; - - /* Input sanity check on alts_counter_create(). */ - /* Invalid counter size. */ - grpc_status_code status = - alts_counter_create(true, 0, overflow_size, &ctr, &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "counter_size is invalid.")); - gpr_free(error_details); - - /* Invalid overflow size. */ - status = alts_counter_create(true, counter_size, 0, &ctr, &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "overflow_size is invalid.")); - gpr_free(error_details); - - /* alts_counter is nullptr. */ - status = alts_counter_create(true, counter_size, overflow_size, nullptr, - &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "crypter_counter is nullptr.")); - gpr_free(error_details); - - status = alts_counter_create(true, counter_size, overflow_size, &ctr, - &error_details); - GPR_ASSERT(status == GRPC_STATUS_OK); - - /* Input sanity check on alts_counter_increment(). */ - /* crypter_counter is nullptr. */ - bool is_overflow = false; - status = alts_counter_increment(nullptr, &is_overflow, &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "crypter_counter is nullptr.")); - gpr_free(error_details); - /* is_overflow is nullptr. */ - status = alts_counter_increment(ctr, nullptr, &error_details); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_details, - "is_overflow is nullptr.")); - gpr_free(error_details); - alts_counter_destroy(ctr); -} - -static void alts_counter_test_overflow_full_range(bool is_client, - size_t counter_size, - size_t overflow_size) { - alts_counter* ctr = nullptr; - char* error_details = nullptr; - grpc_status_code status = alts_counter_create( - is_client, counter_size, overflow_size, &ctr, &error_details); - GPR_ASSERT(status == GRPC_STATUS_OK); - unsigned char* expected = - static_cast(gpr_zalloc(counter_size)); - if (is_client) { - expected[counter_size - 1] = 0x80; - } - /* Do a single iteration to ensure the counter is initialized as expected. */ - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - GPR_ASSERT(memcmp(alts_counter_get_counter(ctr), expected, counter_size) == - 0); - bool is_overflow = false; - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_OK); - GPR_ASSERT(!is_overflow); - /** - * The counter can return 2^{overflow_size * 8} counters. The - * high-order bit is fixed to the client/server. The last call will yield a - * useable counter, but overflow the counter object. - */ - int iterations = 1 << (overflow_size * 8); - int ind = 1; - for (ind = 1; ind < iterations - 1; ind++) { - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_OK); - GPR_ASSERT(!is_overflow); - } - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_FAILED_PRECONDITION); - GPR_ASSERT(is_overflow); - gpr_free(expected); - alts_counter_destroy(ctr); -} - -/* Set the counter manually and make sure it overflows as expected. */ -static void alts_counter_test_overflow_single_increment(bool is_client, - size_t counter_size, - size_t overflow_size) { - alts_counter* ctr = nullptr; - char* error_details = nullptr; - grpc_status_code status = alts_counter_create( - is_client, counter_size, overflow_size, &ctr, &error_details); - GPR_ASSERT(status == GRPC_STATUS_OK); - unsigned char* expected = - static_cast(gpr_zalloc(counter_size)); - memset(expected, 0xFF, overflow_size); - expected[0] = 0xFE; - - if (is_client) { - expected[counter_size - 1] = 0x80; - } - memcpy(ctr->counter, expected, counter_size); - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - GPR_ASSERT(memcmp(expected, alts_counter_get_counter(ctr), counter_size) == - 0); - bool is_overflow = false; - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_OK); - GPR_ASSERT(!is_overflow); - GPR_ASSERT(do_bytes_represent_client(ctr, alts_counter_get_counter(ctr), - counter_size) == is_client); - expected[0] = static_cast(expected[0] + 1); - GPR_ASSERT(memcmp(expected, alts_counter_get_counter(ctr), counter_size) == - 0); - GPR_ASSERT(alts_counter_increment(ctr, &is_overflow, &error_details) == - GRPC_STATUS_FAILED_PRECONDITION); - GPR_ASSERT(is_overflow); - gpr_free(expected); - alts_counter_destroy(ctr); -} - -int main(int argc, char** argv) { - alts_counter_test_input_sanity_check(kGcmCounterSize, kGcmOverflowSize); - alts_counter_test_overflow_full_range(true, kSmallCounterSize, - kSmallOverflowSize); - alts_counter_test_overflow_full_range(false, kSmallCounterSize, - kSmallOverflowSize); - alts_counter_test_overflow_single_increment(true, kGcmCounterSize, - kGcmOverflowSize); - alts_counter_test_overflow_single_increment(false, kGcmCounterSize, - kGcmOverflowSize); - - return 0; -} diff --git a/test/core/tsi/alts/frame_protector/alts_crypter_test.cc b/test/core/tsi/alts/frame_protector/alts_crypter_test.cc deleted file mode 100644 index 0ad616bcd6..0000000000 --- a/test/core/tsi/alts/frame_protector/alts_crypter_test.cc +++ /dev/null @@ -1,493 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include -#include - -#include -#include - -#include "src/core/tsi/alts/frame_protector/alts_crypter.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -static void alts_crypter_test_random_seal_unseal(alts_crypter* server_seal, - alts_crypter* server_unseal, - alts_crypter* client_seal, - alts_crypter* client_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - uint8_t* data_buffer = static_cast(gpr_malloc(protected_data_size)); - gsec_test_random_bytes(data_buffer, data_size); - uint8_t* duplicate_buffer = nullptr; - gsec_test_copy(data_buffer, &duplicate_buffer, data_size); - - /* Client seal and server unseal */ - size_t size = data_size; - grpc_status_code status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - status = alts_crypter_process_in_place( - server_unseal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer, duplicate_buffer, data_size) == 0); - GPR_ASSERT(size == data_size); - /* Server seal and client unseal */ - status = alts_crypter_process_in_place( - server_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - status = alts_crypter_process_in_place( - client_unseal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer, duplicate_buffer, data_size) == 0); - GPR_ASSERT(size == data_size); - gpr_free(data_buffer); - gpr_free(duplicate_buffer); -} - -static void alts_crypter_test_multiple_random_seal_unseal( - alts_crypter* server_seal, alts_crypter* server_unseal, - alts_crypter* client_seal, alts_crypter* client_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - - uint8_t* data_buffer1 = - static_cast(gpr_malloc(protected_data_size)); - uint8_t* data_buffer2 = - static_cast(gpr_malloc(protected_data_size)); - uint8_t* duplicate_buffer1 = nullptr; - uint8_t* duplicate_buffer2 = nullptr; - gsec_test_random_bytes(data_buffer1, data_size); - gsec_test_random_bytes(data_buffer2, data_size); - gsec_test_copy(data_buffer1, &duplicate_buffer1, data_size); - gsec_test_copy(data_buffer2, &duplicate_buffer2, data_size); - - /* Client seal and server unseal */ - size_t size1 = data_size, size2 = data_size; - grpc_status_code status = alts_crypter_process_in_place( - client_seal, data_buffer1, protected_data_size, size1, &size1, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size1 == protected_data_size); - status = alts_crypter_process_in_place( - client_seal, data_buffer2, protected_data_size, size2, &size2, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size2 == protected_data_size); - status = alts_crypter_process_in_place( - server_unseal, data_buffer1, protected_data_size, size1, &size1, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer1, duplicate_buffer1, data_size) == 0); - GPR_ASSERT(size1 == data_size); - status = alts_crypter_process_in_place( - server_unseal, data_buffer2, protected_data_size, size2, &size2, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer2, duplicate_buffer2, data_size) == 0); - GPR_ASSERT(size2 == data_size); - - /* Server seal and client unseal */ - status = alts_crypter_process_in_place( - server_seal, data_buffer1, protected_data_size, size1, &size1, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size1 == protected_data_size); - status = alts_crypter_process_in_place( - server_seal, data_buffer2, protected_data_size, size2, &size2, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size2 == protected_data_size); - status = alts_crypter_process_in_place( - client_unseal, data_buffer1, protected_data_size, size1, &size1, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer1, duplicate_buffer1, data_size) == 0); - GPR_ASSERT(size1 == data_size); - status = alts_crypter_process_in_place( - client_unseal, data_buffer2, protected_data_size, size2, &size2, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(data_buffer2, duplicate_buffer2, data_size) == 0); - GPR_ASSERT(size2 == data_size); - - gpr_free(data_buffer1); - gpr_free(data_buffer2); - gpr_free(duplicate_buffer1); - gpr_free(duplicate_buffer2); -} - -static void alts_crypter_test_corrupted_unseal(alts_crypter* server_seal, - alts_crypter* server_unseal, - alts_crypter* client_seal, - alts_crypter* client_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - auto* data_buffer = static_cast(gpr_malloc(protected_data_size)); - auto* zero_buffer = static_cast(gpr_zalloc(data_size)); - - /* Corrupt a random byte in protected data. */ - size_t size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - grpc_status_code status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - uint8_t* corrupted_data_buffer; - char* error_message = nullptr; - gsec_test_copy_and_alter_random_byte(data_buffer, &corrupted_data_buffer, - protected_data_size); - status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0); - gpr_free(corrupted_data_buffer); - gpr_free(error_message); - - /* Corrupt the beginning of protected data. */ - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - gsec_test_copy(data_buffer, &corrupted_data_buffer, protected_data_size); - (*corrupted_data_buffer)++; - status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0); - gpr_free(corrupted_data_buffer); - gpr_free(error_message); - - /* Corrupt the end of protected data. */ - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - gsec_test_copy(data_buffer, &corrupted_data_buffer, protected_data_size); - (*(corrupted_data_buffer + protected_data_size - 1))++; - status = alts_crypter_process_in_place(server_unseal, corrupted_data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(corrupted_data_buffer, zero_buffer, data_size) == 0); - gpr_free(corrupted_data_buffer); - gpr_free(error_message); - - gpr_free(data_buffer); - gpr_free(zero_buffer); -} - -static void alts_crypter_test_unsync_seal_unseal(alts_crypter* server_seal, - alts_crypter* server_unseal, - alts_crypter* client_seal, - alts_crypter* client_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(server_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - auto* data_buffer = static_cast(gpr_malloc(protected_data_size)); - auto* zero_buffer = static_cast(gpr_zalloc(data_size)); - - /* Perform two seals at client, one unseal at server. */ - size_t size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - grpc_status_code status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - client_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - - char* error_message = nullptr; - status = alts_crypter_process_in_place(server_unseal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(data_buffer, zero_buffer, data_size) == 0); - gpr_free(error_message); - - /* Perform two seals at server, one unseal at client. */ - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - server_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - - size = data_size; - gsec_test_random_bytes(data_buffer, data_size); - status = alts_crypter_process_in_place( - server_seal, data_buffer, protected_data_size, size, &size, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(size == protected_data_size); - - status = alts_crypter_process_in_place(client_unseal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Checking tag failed")); - GPR_ASSERT(memcmp(data_buffer, zero_buffer, data_size) == 0); - gpr_free(error_message); - gpr_free(data_buffer); - gpr_free(zero_buffer); -} - -static void alts_crypter_test_input_sanity_check(alts_crypter* crypter_seal, - alts_crypter* crypter_unseal) { - size_t data_size = gsec_test_bias_random_uint32(1024) + 1; - size_t num_overhead_bytes = alts_crypter_num_overhead_bytes(crypter_seal); - size_t protected_data_size = data_size + num_overhead_bytes; - auto* data_buffer = static_cast(gpr_malloc(protected_data_size)); - gsec_test_random_bytes(data_buffer, data_size); - char* error_message = nullptr; - size_t size = data_size; - - /* Crypter is nullptr. */ - grpc_status_code status = alts_crypter_process_in_place( - nullptr, data_buffer, protected_data_size, size, &size, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "crypter or crypter->vtable has not been initialized properly.")); - gpr_free(error_message); - - /* Seal data is nullptr. */ - size = data_size; - status = alts_crypter_process_in_place( - crypter_seal, nullptr, protected_data_size, size, &size, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "data is nullptr.")); - gpr_free(error_message); - - /* Seal data size is 0. */ - size = 0; - status = alts_crypter_process_in_place(crypter_seal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "data_size is zero.")); - gpr_free(error_message); - - /* Seal data buffer has a size smaller than the required. */ - size = data_size; - status = alts_crypter_process_in_place(crypter_seal, data_buffer, - protected_data_size - 1, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "data_allocated_size is smaller than sum of data_size and " - "num_overhead_bytes.")); - gpr_free(error_message); - - /* Unseal data is nullptr. */ - size = data_size; - status = alts_crypter_process_in_place(crypter_unseal, nullptr, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "data is nullptr.")); - gpr_free(error_message); - - /* Unseal data size is 0. */ - size = 0; - status = alts_crypter_process_in_place(crypter_unseal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "data_size is smaller than num_overhead_bytes.")); - gpr_free(error_message); - - /* Unseal data size is smaller than number of overhead bytes. */ - size = num_overhead_bytes - 1; - status = alts_crypter_process_in_place(crypter_unseal, data_buffer, - protected_data_size, size, &size, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "data_size is smaller than num_overhead_bytes.")); - gpr_free(error_message); - gpr_free(data_buffer); -} - -static void create_random_alts_seal_crypter( - alts_crypter** server_seal, alts_crypter** server_unseal, - alts_crypter** client_seal, alts_crypter** client_unseal, - gsec_aead_crypter** server_crypter_seal, - gsec_aead_crypter** server_crypter_unseal, - gsec_aead_crypter** client_crypter_seal, - gsec_aead_crypter** client_crypter_unseal, bool rekey) { - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength, - kAesGcmTagLength, rekey, server_crypter_seal, - nullptr); - gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength, - kAesGcmTagLength, rekey, - server_crypter_unseal, nullptr); - gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength, - kAesGcmTagLength, rekey, client_crypter_seal, - nullptr); - gsec_aes_gcm_aead_crypter_create(key, key_length, kAesGcmNonceLength, - kAesGcmTagLength, rekey, - client_crypter_unseal, nullptr); - - size_t overflow_size = rekey ? 8 : 5; - alts_seal_crypter_create(*client_crypter_seal, /*is_client=*/true, - overflow_size, client_seal, nullptr); - alts_unseal_crypter_create(*client_crypter_unseal, /*is_client=*/true, - overflow_size, client_unseal, nullptr); - alts_seal_crypter_create(*server_crypter_seal, /*is_client=*/false, - overflow_size, server_seal, nullptr); - alts_unseal_crypter_create(*server_crypter_unseal, /*is_client=*/false, - overflow_size, server_unseal, nullptr); - gpr_free(key); -} - -static void destroy_random_alts_seal_crypter(alts_crypter* server_seal, - alts_crypter* server_unseal, - alts_crypter* client_seal, - alts_crypter* client_unseal) { - alts_crypter_destroy(server_seal); - alts_crypter_destroy(server_unseal); - alts_crypter_destroy(client_seal); - alts_crypter_destroy(client_unseal); -} - -static void alts_crypter_do_generic_tests() { - alts_crypter *server_seal = nullptr, *server_unseal = nullptr, - *client_seal = nullptr, *client_unseal = nullptr; - gsec_aead_crypter *server_crypter_seal = nullptr, - *server_crypter_unseal = nullptr, - *client_crypter_seal = nullptr, - *client_crypter_unseal = nullptr; - /* Random seal and unseal tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_random_seal_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_random_seal_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - /* Multiple random seal and unseal tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_multiple_random_seal_unseal(server_seal, server_unseal, - client_seal, client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_multiple_random_seal_unseal(server_seal, server_unseal, - client_seal, client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - /* Corrupted unseal tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_corrupted_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_corrupted_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - /* Unsync seal and unseal tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_unsync_seal_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_unsync_seal_unseal(server_seal, server_unseal, client_seal, - client_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - /* Input sanity check tests */ - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/false); - alts_crypter_test_input_sanity_check(server_seal, server_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); - - create_random_alts_seal_crypter(&server_seal, &server_unseal, &client_seal, - &client_unseal, &server_crypter_seal, - &server_crypter_unseal, &client_crypter_seal, - &client_crypter_unseal, /*rekey=*/true); - alts_crypter_test_input_sanity_check(server_seal, server_unseal); - destroy_random_alts_seal_crypter(server_seal, server_unseal, client_seal, - client_unseal); -} - -int main(int argc, char** argv) { - alts_crypter_do_generic_tests(); - return 0; -} diff --git a/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc b/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc deleted file mode 100644 index 2bd4958763..0000000000 --- a/test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc +++ /dev/null @@ -1,394 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include - -#include - -#include "src/core/tsi/alts/crypt/gsec.h" -#include "src/core/tsi/alts/frame_protector/alts_frame_protector.h" -#include "src/core/tsi/transport_security_interface.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" -#include "test/core/tsi/transport_security_test_lib.h" - -const size_t kChannelSize = 32768; - -static void alts_test_do_round_trip_check_frames( - tsi_test_frame_protector_fixture* fixture, const uint8_t* key, - const size_t key_size, bool rekey, const uint8_t* client_message, - const size_t client_message_size, const uint8_t* client_expected_frames, - const size_t client_frame_size, const uint8_t* server_message, - const size_t server_message_size, const uint8_t* server_expected_frames, - const size_t server_frame_size) { - GPR_ASSERT(fixture != nullptr); - GPR_ASSERT(fixture->config != nullptr); - tsi_frame_protector* client_frame_protector = nullptr; - tsi_frame_protector* server_frame_protector = nullptr; - tsi_test_frame_protector_config* config = fixture->config; - tsi_test_channel* channel = fixture->channel; - /* Create a client frame protector. */ - size_t client_max_output_protected_frame_size = - config->client_max_output_protected_frame_size; - GPR_ASSERT( - alts_create_frame_protector(key, key_size, /*is_client=*/true, rekey, - client_max_output_protected_frame_size == 0 - ? nullptr - : &client_max_output_protected_frame_size, - &client_frame_protector) == TSI_OK); - /* Create a server frame protector. */ - size_t server_max_output_protected_frame_size = - config->server_max_output_protected_frame_size; - GPR_ASSERT( - alts_create_frame_protector(key, key_size, /*is_client=*/false, rekey, - server_max_output_protected_frame_size == 0 - ? nullptr - : &server_max_output_protected_frame_size, - &server_frame_protector) == TSI_OK); - tsi_test_frame_protector_fixture_init(fixture, client_frame_protector, - server_frame_protector); - /* Client sends a message to server. */ - uint8_t* saved_client_message = config->client_message; - config->client_message = const_cast(client_message); - config->client_message_size = client_message_size; - tsi_test_frame_protector_send_message_to_peer(config, channel, - client_frame_protector, - /*is_client=*/true); - /* Verify if the generated frame is the same as the expected. */ - GPR_ASSERT(channel->bytes_written_to_server_channel == client_frame_size); - GPR_ASSERT(memcmp(client_expected_frames, channel->server_channel, - client_frame_size) == 0); - unsigned char* server_received_message = - static_cast(gpr_malloc(kChannelSize)); - size_t server_received_message_size = 0; - tsi_test_frame_protector_receive_message_from_peer( - config, channel, server_frame_protector, server_received_message, - &server_received_message_size, /*is_client=*/false); - GPR_ASSERT(config->client_message_size == server_received_message_size); - GPR_ASSERT(memcmp(config->client_message, server_received_message, - server_received_message_size) == 0); - /* Server sends a message to client. */ - uint8_t* saved_server_message = config->server_message; - config->server_message = const_cast(server_message); - config->server_message_size = server_message_size; - tsi_test_frame_protector_send_message_to_peer(config, channel, - server_frame_protector, - /*is_client=*/false); - /* Verify if the generated frame is the same as the expected. */ - GPR_ASSERT(channel->bytes_written_to_client_channel == server_frame_size); - GPR_ASSERT(memcmp(server_expected_frames, channel->client_channel, - server_frame_size) == 0); - unsigned char* client_received_message = - static_cast(gpr_malloc(kChannelSize)); - size_t client_received_message_size = 0; - tsi_test_frame_protector_receive_message_from_peer( - config, channel, client_frame_protector, client_received_message, - &client_received_message_size, - /*is_client=*/true); - GPR_ASSERT(config->server_message_size == client_received_message_size); - GPR_ASSERT(memcmp(config->server_message, client_received_message, - client_received_message_size) == 0); - config->client_message = saved_client_message; - config->server_message = saved_server_message; - /* Destroy server and client frame protectors. */ - gpr_free(server_received_message); - gpr_free(client_received_message); -} - -static void alts_test_do_round_trip_vector_tests() { - const uint8_t key[] = {0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08}; - const char small_message[] = {'C', 'h', 'a', 'p', 'i', ' ', - 'C', 'h', 'a', 'p', 'o'}; - const uint8_t large_message[] = { - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, - 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, - 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39, - 0x1a, 0xaf, 0xd2, 0x55, 0xd6, 0x09, 0xb1, 0xf0, 0x56, 0x63, 0x7a, 0x0d, - 0x46, 0xdf, 0x99, 0x8d, 0x88, 0xe5, 0x22, 0x2a, 0xb2, 0xc2, 0x84, 0x65, - 0x12, 0x15, 0x35, 0x24, 0xc0, 0x89, 0x5e, 0x81, 0x08, 0x06, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, - 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30}; - const size_t small_message_size = sizeof(small_message) / sizeof(uint8_t); - const size_t large_message_size = sizeof(large_message) / sizeof(uint8_t); - /* Test small client message and large server message. */ - const uint8_t client_expected_frame1[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x09, 0xd8, 0xd5, 0x92, - 0x4d, 0x50, 0x32, 0xb7, 0x1f, 0xb8, 0xf2, 0xbb, 0x43, 0xc7, 0xe2, 0x94, - 0x3d, 0x3e, 0x9a, 0x78, 0x76, 0xaa, 0x0a, 0x6b, 0xfa, 0x98, 0x3a}; - const uint8_t server_expected_frame1[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0xa9, 0x4b, 0xf8, 0xc8, - 0xe7, 0x8f, 0x1a, 0x26, 0x37, 0x44, 0xa2, 0x5c, 0x55, 0x94, 0x30, 0x4e, - 0x3e, 0x16, 0xe7, 0x9e, 0x96, 0xe8, 0x1b, 0xc0, 0xdd, 0x52, 0x30, 0x06, - 0xc2, 0x72, 0x9a, 0xa1, 0x0b, 0xdb, 0xdc, 0x19, 0x8c, 0x93, 0x5e, 0x84, - 0x1f, 0x4b, 0x97, 0x26, 0xf0, 0x73, 0x85, 0x59, 0x00, 0x95, 0xc1, 0xc5, - 0x22, 0x2f, 0x70, 0x85, 0x68, 0x2c, 0x4f, 0xfe, 0x30, 0x26, 0x91, 0xde, - 0x62, 0x55, 0x1d, 0x35, 0x01, 0x96, 0x1c, 0xe7, 0xa2, 0x8b, 0x14, 0x8a, - 0x5e, 0x1b, 0x4a, 0x3b, 0x4f, 0x65, 0x0f, 0xca, 0x79, 0x10, 0xb4, 0xdd, - 0xf7, 0xa4, 0x8b, 0x64, 0x2f, 0x00, 0x39, 0x60, 0x03, 0xfc, 0xe1, 0x8b, - 0x5c, 0x19, 0xba, 0xcc, 0x46, 0xba, 0x88, 0xdd, 0x40, 0x42, 0x27, 0x4f, - 0xe4, 0x1a, 0x6a, 0x31, 0x6c, 0x1c, 0xb0, 0xb6, 0x5c, 0x3e, 0xca, 0x84, - 0x9b, 0x5f, 0x04, 0x84, 0x11, 0xa9, 0xf8, 0x39, 0xe7, 0xe7, 0xc5, 0xc4, - 0x33, 0x9f, 0x63, 0x21, 0x9a, 0x7c, 0x9c, 0x64}; - const size_t client_frame_size1 = - sizeof(client_expected_frame1) / sizeof(uint8_t); - const size_t server_frame_size1 = - sizeof(server_expected_frame1) / sizeof(uint8_t); - tsi_test_frame_protector_fixture* fixture = - tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, - reinterpret_cast(small_message), small_message_size, - client_expected_frame1, client_frame_size1, large_message, - large_message_size, server_expected_frame1, server_frame_size1); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test large client message, small server message, and small - * message_buffer_allocated_size. - */ - const uint8_t client_expected_frame2[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7, - 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37, - 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13, - 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31, - 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72, - 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f, - 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e, - 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54, - 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94, - 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56, - 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d, - 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb, - 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7}; - const uint8_t server_expected_frame2[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d, - 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1, - 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73}; - const size_t client_frame_size2 = - sizeof(client_expected_frame2) / sizeof(uint8_t); - const size_t server_frame_size2 = - sizeof(server_expected_frame2) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message, - large_message_size, client_expected_frame2, client_frame_size2, - reinterpret_cast(small_message), small_message_size, - server_expected_frame2, server_frame_size2); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test large client message, small server message, and small - * protected_buffer_size. - */ - const uint8_t client_expected_frame3[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7, - 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37, - 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13, - 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31, - 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72, - 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f, - 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e, - 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54, - 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94, - 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56, - 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d, - 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb, - 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7}; - const uint8_t server_expected_frame3[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d, - 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1, - 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73}; - const size_t client_frame_size3 = - sizeof(client_expected_frame3) / sizeof(uint8_t); - const size_t server_frame_size3 = - sizeof(server_expected_frame3) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message, - large_message_size, client_expected_frame3, client_frame_size3, - reinterpret_cast(small_message), small_message_size, - server_expected_frame3, server_frame_size3); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test large client message, small server message, and small - * read_buffer_allocated_size. - */ - const uint8_t client_expected_frame4[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7, - 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37, - 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13, - 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31, - 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72, - 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f, - 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e, - 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54, - 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94, - 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56, - 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d, - 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb, - 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7}; - const uint8_t server_expected_frame4[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d, - 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1, - 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73}; - const size_t client_frame_size4 = - sizeof(client_expected_frame4) / sizeof(uint8_t); - const size_t server_frame_size4 = - sizeof(server_expected_frame4) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message, - large_message_size, client_expected_frame4, client_frame_size4, - reinterpret_cast(small_message), small_message_size, - server_expected_frame4, server_frame_size4); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test large client message, small server message, and small - * client_max_output_protected_frame_size. - */ - const uint8_t client_expected_frame5[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x93, 0x81, 0x86, 0xc7, - 0xdc, 0xf4, 0x77, 0x3a, 0xdb, 0x91, 0x94, 0x61, 0xba, 0xed, 0xd5, 0x37, - 0x47, 0x53, 0x0c, 0xe1, 0xbf, 0x59, 0x23, 0x20, 0xde, 0x8b, 0x25, 0x13, - 0x72, 0xe7, 0x8a, 0x4f, 0x32, 0x61, 0xc6, 0xda, 0xc3, 0xe9, 0xff, 0x31, - 0x33, 0x53, 0x4a, 0xf8, 0xc9, 0x98, 0xe4, 0x19, 0x71, 0x9c, 0x5e, 0x72, - 0xc7, 0x35, 0x97, 0x78, 0x30, 0xf2, 0xc4, 0xd1, 0x53, 0xd5, 0x6e, 0x8f, - 0x4f, 0xd9, 0x28, 0x5a, 0xfd, 0x22, 0x57, 0x7f, 0x95, 0xb4, 0x8a, 0x5e, - 0x7c, 0x47, 0xa8, 0xcf, 0x64, 0x3d, 0x83, 0xa5, 0xcf, 0xc3, 0xfe, 0x54, - 0xc2, 0x6a, 0x40, 0xc4, 0xfb, 0x8e, 0x07, 0x77, 0x70, 0x8f, 0x99, 0x94, - 0xb1, 0xd5, 0xa7, 0xf9, 0x0d, 0xc7, 0x11, 0xc5, 0x6f, 0x4a, 0x4f, 0x56, - 0xd5, 0xe2, 0x9c, 0xbb, 0x95, 0x7a, 0xd0, 0x9f, 0x30, 0x54, 0xca, 0x6d, - 0x5c, 0x8e, 0x83, 0xa0, 0x04, 0x5e, 0xd0, 0x22, 0x8c, 0x2a, 0x7f, 0xdb, - 0xfe, 0xb3, 0x2e, 0xae, 0x22, 0xe6, 0xf4, 0xb7}; - const uint8_t server_expected_frame5[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x33, 0x12, 0xab, 0x9d, - 0x76, 0x2b, 0x5f, 0xab, 0xf3, 0x6d, 0xc4, 0xaa, 0xe5, 0x1e, 0x63, 0xc1, - 0x7b, 0x7b, 0x10, 0xd5, 0x63, 0x0f, 0x29, 0xad, 0x17, 0x33, 0x73}; - const size_t client_frame_size5 = - sizeof(client_expected_frame5) / sizeof(uint8_t); - const size_t server_frame_size5 = - sizeof(server_expected_frame5) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, large_message, - large_message_size, client_expected_frame5, client_frame_size5, - reinterpret_cast(small_message), small_message_size, - server_expected_frame5, server_frame_size5); - tsi_test_frame_protector_fixture_destroy(fixture); - /** - * Test small client message, large server message, and small - * server_max_output_protected_frame_size. - */ - const uint8_t client_expected_frame6[] = { - 0x1f, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x09, 0xd8, 0xd5, 0x92, - 0x4d, 0x50, 0x32, 0xb7, 0x1f, 0xb8, 0xf2, 0xbb, 0x43, 0xc7, 0xe2, 0x94, - 0x3d, 0x3e, 0x9a, 0x78, 0x76, 0xaa, 0x0a, 0x6b, 0xfa, 0x98, 0x3a}; - const uint8_t server_expected_frame6[] = { - 0x94, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0xa9, 0x4b, 0xf8, 0xc8, - 0xe7, 0x8f, 0x1a, 0x26, 0x37, 0x44, 0xa2, 0x5c, 0x55, 0x94, 0x30, 0x4e, - 0x3e, 0x16, 0xe7, 0x9e, 0x96, 0xe8, 0x1b, 0xc0, 0xdd, 0x52, 0x30, 0x06, - 0xc2, 0x72, 0x9a, 0xa1, 0x0b, 0xdb, 0xdc, 0x19, 0x8c, 0x93, 0x5e, 0x84, - 0x1f, 0x4b, 0x97, 0x26, 0xf0, 0x73, 0x85, 0x59, 0x00, 0x95, 0xc1, 0xc5, - 0x22, 0x2f, 0x70, 0x85, 0x68, 0x2c, 0x4f, 0xfe, 0x30, 0x26, 0x91, 0xde, - 0x62, 0x55, 0x1d, 0x35, 0x01, 0x96, 0x1c, 0xe7, 0xa2, 0x8b, 0x14, 0x8a, - 0x5e, 0x1b, 0x4a, 0x3b, 0x4f, 0x65, 0x0f, 0xca, 0x79, 0x10, 0xb4, 0xdd, - 0xf7, 0xa4, 0x8b, 0x64, 0x2f, 0x00, 0x39, 0x60, 0x03, 0xfc, 0xe1, 0x8b, - 0x5c, 0x19, 0xba, 0xcc, 0x46, 0xba, 0x88, 0xdd, 0x40, 0x42, 0x27, 0x4f, - 0xe4, 0x1a, 0x6a, 0x31, 0x6c, 0x1c, 0xb0, 0xb6, 0x5c, 0x3e, 0xca, 0x84, - 0x9b, 0x5f, 0x04, 0x84, 0x11, 0xa9, 0xf8, 0x39, 0xe7, 0xe7, 0xc5, 0xc4, - 0x33, 0x9f, 0x63, 0x21, 0x9a, 0x7c, 0x9c, 0x64}; - const size_t client_frame_size6 = - sizeof(client_expected_frame6) / sizeof(uint8_t); - const size_t server_frame_size6 = - sizeof(server_expected_frame6) / sizeof(uint8_t); - fixture = tsi_test_frame_protector_fixture_create(); - alts_test_do_round_trip_check_frames( - fixture, key, kAes128GcmKeyLength, /*rekey=*/false, - reinterpret_cast(small_message), small_message_size, - client_expected_frame6, client_frame_size6, large_message, - large_message_size, server_expected_frame6, server_frame_size6); - tsi_test_frame_protector_fixture_destroy(fixture); -} - -static void alts_test_do_round_trip(tsi_test_frame_protector_fixture* fixture, - bool rekey) { - GPR_ASSERT(fixture != nullptr); - GPR_ASSERT(fixture->config != nullptr); - tsi_frame_protector* client_frame_protector = nullptr; - tsi_frame_protector* server_frame_protector = nullptr; - tsi_test_frame_protector_config* config = fixture->config; - /* Create a key to be used by both client and server. */ - uint8_t* key = nullptr; - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - gsec_test_random_array(&key, key_length); - /* Create a client frame protector. */ - size_t client_max_output_protected_frame_size = - config->client_max_output_protected_frame_size; - GPR_ASSERT( - alts_create_frame_protector(key, key_length, /*is_client=*/true, rekey, - client_max_output_protected_frame_size == 0 - ? nullptr - : &client_max_output_protected_frame_size, - &client_frame_protector) == TSI_OK); - /* Create a server frame protector. */ - size_t server_max_output_protected_frame_size = - config->server_max_output_protected_frame_size; - GPR_ASSERT( - alts_create_frame_protector(key, key_length, /*is_client=*/false, rekey, - server_max_output_protected_frame_size == 0 - ? nullptr - : &server_max_output_protected_frame_size, - &server_frame_protector) == TSI_OK); - tsi_test_frame_protector_fixture_init(fixture, client_frame_protector, - server_frame_protector); - tsi_test_frame_protector_do_round_trip_no_handshake(fixture); - gpr_free(key); -} - -/* Run all combinations of different arguments of test config. */ -static void alts_test_do_round_trip_all(bool rekey) { - unsigned int* bit_array = static_cast( - gpr_malloc(sizeof(unsigned int) * TSI_TEST_NUM_OF_ARGUMENTS)); - unsigned int mask = 1U << (TSI_TEST_NUM_OF_ARGUMENTS - 1); - unsigned int val = 0, ind = 0; - for (val = 0; val < TSI_TEST_NUM_OF_COMBINATIONS; val++) { - unsigned int v = val; - for (ind = 0; ind < TSI_TEST_NUM_OF_ARGUMENTS; ind++) { - bit_array[ind] = (v & mask) ? 1 : 0; - v <<= 1; - } - tsi_test_frame_protector_fixture* fixture = - tsi_test_frame_protector_fixture_create(); - tsi_test_frame_protector_config_destroy(fixture->config); - fixture->config = tsi_test_frame_protector_config_create( - bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4], - bit_array[5], bit_array[6]); - alts_test_do_round_trip(fixture, rekey); - tsi_test_frame_protector_fixture_destroy(fixture); - } - gpr_free(bit_array); -} - -int main(int argc, char** argv) { - alts_test_do_round_trip_vector_tests(); - alts_test_do_round_trip_all(/*rekey=*/false); - alts_test_do_round_trip_all(/*rekey=*/true); - return 0; -} diff --git a/test/core/tsi/alts/frame_protector/frame_handler_test.cc b/test/core/tsi/alts/frame_protector/frame_handler_test.cc deleted file mode 100644 index 6434ea1d31..0000000000 --- a/test/core/tsi/alts/frame_protector/frame_handler_test.cc +++ /dev/null @@ -1,244 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include -#include - -#include -#include - -#include "src/core/lib/gpr/useful.h" -#include "src/core/tsi/alts/frame_protector/frame_handler.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -const size_t kFrameHandlerTestBufferSize = 1024; - -typedef struct frame_handler { - alts_frame_writer* writer; - alts_frame_reader* reader; - unsigned char* buffer; - size_t buffer_size; -} frame_handler; - -static size_t frame_length(size_t payload_length) { - return payload_length + kFrameHeaderSize; -} - -static frame_handler* create_frame_handler() { - frame_handler* handler = - static_cast(gpr_malloc(sizeof(frame_handler))); - handler->writer = alts_create_frame_writer(); - handler->reader = alts_create_frame_reader(); - handler->buffer = nullptr; - handler->buffer_size = 0; - return handler; -} - -static void destroy_frame_handler(frame_handler* handler) { - if (handler != nullptr) { - alts_destroy_frame_reader(handler->reader); - alts_destroy_frame_writer(handler->writer); - if (handler->buffer != nullptr) gpr_free(handler->buffer); - gpr_free(handler); - } -} - -static void frame(frame_handler* handler, unsigned char* payload, - size_t payload_length, size_t write_length) { - handler->buffer_size = frame_length(payload_length); - handler->buffer = - static_cast(gpr_malloc(handler->buffer_size)); - GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length)); - size_t offset = 0; - while (offset < handler->buffer_size && - !alts_is_frame_writer_done(handler->writer)) { - size_t bytes_written = GPR_MIN(write_length, handler->buffer_size - offset); - GPR_ASSERT(alts_write_frame_bytes(handler->writer, handler->buffer + offset, - &bytes_written)); - offset += bytes_written; - } - GPR_ASSERT(alts_is_frame_writer_done(handler->writer)); - GPR_ASSERT(handler->buffer_size == offset); -} - -static size_t deframe(frame_handler* handler, unsigned char* bytes, - size_t read_length) { - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - size_t offset = 0; - while (offset < handler->buffer_size && - !alts_is_frame_reader_done(handler->reader)) { - size_t bytes_read = GPR_MIN(read_length, handler->buffer_size - offset); - GPR_ASSERT(alts_read_frame_bytes(handler->reader, handler->buffer + offset, - &bytes_read)); - offset += bytes_read; - } - GPR_ASSERT(alts_is_frame_reader_done(handler->reader)); - GPR_ASSERT(handler->buffer_size == offset); - return offset - handler->reader->header_bytes_read; -} - -static void frame_n_deframe(frame_handler* handler, unsigned char* payload, - size_t payload_length, size_t write_length, - size_t read_length) { - frame(handler, payload, payload_length, write_length); - unsigned char* bytes = - static_cast(gpr_malloc(kFrameHandlerTestBufferSize)); - size_t deframed_payload_length = deframe(handler, bytes, read_length); - GPR_ASSERT(payload_length == deframed_payload_length); - GPR_ASSERT(memcmp(payload, bytes, payload_length) == 0); - gpr_free(bytes); -} - -static void frame_handler_test_frame_deframe() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen((char*)payload) + 1; - frame_handler* handler = create_frame_handler(); - frame_n_deframe(handler, payload, payload_length, - frame_length(payload_length), frame_length(payload_length)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_small_buffer() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame_n_deframe(handler, payload, payload_length, 1, 1); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_input_stream() { - frame_handler* handler = create_frame_handler(); - GPR_ASSERT(!alts_reset_frame_writer(handler->writer, nullptr, 0)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_bad_input_length() { - unsigned char payload[] = "hello world"; - frame_handler* handler = create_frame_handler(); - GPR_ASSERT(!alts_reset_frame_writer(handler->writer, payload, SIZE_MAX)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_writer_byte_length() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast(payload)) + 1; - frame_handler* handler = create_frame_handler(); - GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length)); - GPR_ASSERT( - !alts_write_frame_bytes(handler->writer, handler->buffer, nullptr)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_writer_bytes() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast(payload)) + 1; - frame_handler* handler = create_frame_handler(); - GPR_ASSERT(alts_reset_frame_writer(handler->writer, payload, payload_length)); - GPR_ASSERT( - !alts_write_frame_bytes(handler->writer, nullptr, &payload_length)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_bad_frame_length() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - memset(handler->buffer, 0x00, kFrameLengthFieldSize); - unsigned char* bytes = - static_cast(gpr_malloc(kFrameHandlerTestBufferSize)); - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - size_t bytes_read = handler->buffer_size; - GPR_ASSERT( - !alts_read_frame_bytes(handler->reader, handler->buffer, &bytes_read)); - GPR_ASSERT(alts_is_frame_reader_done(handler->reader)); - GPR_ASSERT(bytes_read == 0); - gpr_free(bytes); - destroy_frame_handler(handler); -} - -static void frame_handler_test_unsupported_message_type() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - memset(handler->buffer + kFrameLengthFieldSize, 0x00, - kFrameMessageTypeFieldSize); - unsigned char* bytes = - static_cast(gpr_malloc(kFrameHandlerTestBufferSize)); - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - size_t bytes_read = handler->buffer_size; - GPR_ASSERT( - !alts_read_frame_bytes(handler->reader, handler->buffer, &bytes_read)); - GPR_ASSERT(alts_is_frame_reader_done(handler->reader)); - GPR_ASSERT(bytes_read == 0); - gpr_free(bytes); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_output_stream() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - GPR_ASSERT(!alts_reset_frame_reader(handler->reader, nullptr)); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_reader_byte_length() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - unsigned char* bytes = - static_cast(gpr_malloc(kFrameHandlerTestBufferSize)); - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - GPR_ASSERT(!alts_read_frame_bytes(handler->reader, handler->buffer, nullptr)); - gpr_free(bytes); - destroy_frame_handler(handler); -} - -static void frame_handler_test_null_reader_bytes() { - unsigned char payload[] = "hello world"; - size_t payload_length = strlen(reinterpret_cast(payload)) + 1; - frame_handler* handler = create_frame_handler(); - frame(handler, payload, payload_length, payload_length); - unsigned char* bytes = - static_cast(gpr_malloc(kFrameHandlerTestBufferSize)); - GPR_ASSERT(alts_reset_frame_reader(handler->reader, bytes)); - size_t bytes_read = handler->buffer_size; - GPR_ASSERT(!alts_read_frame_bytes(handler->reader, nullptr, &bytes_read)); - gpr_free(bytes); - destroy_frame_handler(handler); -} - -int main(int argc, char** argv) { - frame_handler_test_frame_deframe(); - frame_handler_test_small_buffer(); - frame_handler_test_null_input_stream(); - frame_handler_test_bad_input_length(); - frame_handler_test_null_writer_byte_length(); - frame_handler_test_null_writer_bytes(); - frame_handler_test_bad_frame_length(); - frame_handler_test_unsupported_message_type(); - frame_handler_test_null_output_stream(); - frame_handler_test_null_reader_byte_length(); - frame_handler_test_null_reader_bytes(); - return 0; -} diff --git a/test/core/tsi/alts/handshaker/BUILD b/test/core/tsi/alts/handshaker/BUILD deleted file mode 100644 index db39732c43..0000000000 --- a/test/core/tsi/alts/handshaker/BUILD +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 2018 gRPC authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -load("//bazel:grpc_build_system.bzl", "grpc_cc_library", "grpc_cc_test", "grpc_package") - -licenses(["notice"]) # Apache v2 - -grpc_package(name = "handshaker") - -grpc_cc_library( - name = "alts_handshaker_service_api_test_lib", - srcs = ["alts_handshaker_service_api_test_lib.cc"], - hdrs = ["alts_handshaker_service_api_test_lib.h"], - deps = [ - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_handshaker_client_test", - srcs = ["alts_handshaker_client_test.cc"], - language = "C++", - deps = [ - ":alts_handshaker_service_api_test_lib", - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_handshaker_service_api_test", - srcs = ["alts_handshaker_service_api_test.cc"], - language = "C++", - deps = [ - ":alts_handshaker_service_api_test_lib", - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_tsi_handshaker_test", - srcs = ["alts_tsi_handshaker_test.cc"], - language = "C++", - deps = [ - ":alts_handshaker_service_api_test_lib", - "//:grpc", - ], -) - -grpc_cc_test( - name = "alts_tsi_utils_test", - srcs = ["alts_tsi_utils_test.cc"], - language = "C++", - deps = [ - ":alts_handshaker_service_api_test_lib", - "//:grpc", - ], -) - -grpc_cc_test( - name = "transport_security_common_api_test", - srcs = ["transport_security_common_api_test.cc"], - language = "C++", - deps = [ - "//:grpc", - ], -) - diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc b/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc deleted file mode 100644 index 7072be6e3a..0000000000 --- a/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc +++ /dev/null @@ -1,412 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include - -#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_event.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" -#include "src/core/tsi/transport_security.h" -#include "src/core/tsi/transport_security_interface.h" -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -#define ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME "Hello Google" -#define ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL "lame" -#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME "bigtable.google.api.com" -#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1 "A@google.com" -#define ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2 "B@google.com" - -const size_t kHandshakerClientOpNum = 4; -const size_t kMaxRpcVersionMajor = 3; -const size_t kMaxRpcVersionMinor = 2; -const size_t kMinRpcVersionMajor = 2; -const size_t kMinRpcVersionMinor = 1; - -using grpc_core::internal::alts_handshaker_client_set_grpc_caller_for_testing; - -typedef struct alts_handshaker_client_test_config { - grpc_channel* channel; - grpc_completion_queue* cq; - alts_handshaker_client* client; - grpc_slice out_frame; -} alts_handshaker_client_test_config; - -static alts_tsi_event* alts_tsi_event_create_for_testing(bool is_client) { - alts_tsi_event* e = static_cast(gpr_zalloc(sizeof(*e))); - grpc_metadata_array_init(&e->initial_metadata); - grpc_metadata_array_init(&e->trailing_metadata); - e->options = is_client ? grpc_alts_credentials_client_options_create() - : grpc_alts_credentials_server_options_create(); - if (is_client) { - grpc_alts_credentials_client_options_add_target_service_account( - reinterpret_cast(e->options), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1); - grpc_alts_credentials_client_options_add_target_service_account( - reinterpret_cast(e->options), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2); - } - grpc_gcp_rpc_protocol_versions* versions = &e->options->rpc_versions; - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max( - versions, kMaxRpcVersionMajor, kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min( - versions, kMinRpcVersionMajor, kMinRpcVersionMinor)); - e->target_name = - grpc_slice_from_static_string(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME); - return e; -} - -static void validate_rpc_protocol_versions( - grpc_gcp_rpc_protocol_versions* versions) { - GPR_ASSERT(versions != nullptr); - GPR_ASSERT(versions->max_rpc_version.major == kMaxRpcVersionMajor); - GPR_ASSERT(versions->max_rpc_version.minor == kMaxRpcVersionMinor); - GPR_ASSERT(versions->min_rpc_version.major == kMinRpcVersionMajor); - GPR_ASSERT(versions->min_rpc_version.minor == kMinRpcVersionMinor); -} - -static void validate_target_identities( - const repeated_field* target_identity_head) { - grpc_gcp_identity* target_identity1 = static_cast( - const_cast(target_identity_head->next->data)); - grpc_gcp_identity* target_identity2 = static_cast( - const_cast(target_identity_head->data)); - grpc_slice* service_account1 = - static_cast(target_identity1->service_account.arg); - grpc_slice* service_account2 = - static_cast(target_identity2->service_account.arg); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*service_account1), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1, - GRPC_SLICE_LENGTH(*service_account1)) == 0); - GPR_ASSERT(strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1) == - GRPC_SLICE_LENGTH(*service_account1)); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*service_account2), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2, - GRPC_SLICE_LENGTH(*service_account2)) == 0); - GPR_ASSERT(strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2) == - GRPC_SLICE_LENGTH(*service_account2)); -} - -/** - * Validate if grpc operation data is correctly populated with the fields of - * ALTS TSI event. - */ -static bool validate_op(alts_tsi_event* event, const grpc_op* op, size_t nops, - bool is_start) { - GPR_ASSERT(event != nullptr && op != nullptr && nops != 0); - bool ok = true; - grpc_op* start_op = const_cast(op); - if (is_start) { - ok &= (op->op == GRPC_OP_SEND_INITIAL_METADATA); - ok &= (op->data.send_initial_metadata.count == 0); - op++; - GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum); - - ok &= (op->op == GRPC_OP_RECV_INITIAL_METADATA); - ok &= (op->data.recv_initial_metadata.recv_initial_metadata == - &event->initial_metadata); - op++; - GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum); - } - ok &= (op->op == GRPC_OP_SEND_MESSAGE); - ok &= (op->data.send_message.send_message == event->send_buffer); - op++; - GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum); - - ok &= (op->op == GRPC_OP_RECV_MESSAGE); - ok &= (op->data.recv_message.recv_message == &event->recv_buffer); - op++; - GPR_ASSERT((size_t)(op - start_op) <= kHandshakerClientOpNum); - - return ok; -} - -static grpc_gcp_handshaker_req* deserialize_handshaker_req( - grpc_gcp_handshaker_req_type type, grpc_byte_buffer* buffer) { - GPR_ASSERT(buffer != nullptr); - grpc_gcp_handshaker_req* req = grpc_gcp_handshaker_decoded_req_create(type); - grpc_byte_buffer_reader bbr; - GPR_ASSERT(grpc_byte_buffer_reader_init(&bbr, buffer)); - grpc_slice slice = grpc_byte_buffer_reader_readall(&bbr); - GPR_ASSERT(grpc_gcp_handshaker_req_decode(slice, req)); - grpc_slice_unref(slice); - grpc_byte_buffer_reader_destroy(&bbr); - return req; -} - -/** - * A mock grpc_caller used to check if client_start, server_start, and next - * operations correctly handle invalid arguments. It should not be called. - */ -static grpc_call_error check_must_not_be_called(grpc_call* call, - const grpc_op* ops, size_t nops, - void* tag) { - GPR_ASSERT(0); -} - -/** - * A mock grpc_caller used to check correct execution of client_start operation. - * It checks if the client_start handshaker request is populated with correct - * handshake_security_protocol, application_protocol, and record_protocol, and - * op is correctly populated. - */ -static grpc_call_error check_client_start_success(grpc_call* call, - const grpc_op* op, - size_t nops, void* tag) { - alts_tsi_event* event = static_cast(tag); - grpc_gcp_handshaker_req* req = - deserialize_handshaker_req(CLIENT_START_REQ, event->send_buffer); - GPR_ASSERT(req->client_start.handshake_security_protocol == - grpc_gcp_HandshakeProtocol_ALTS); - const void* data = (static_cast( - req->client_start.application_protocols.arg)) - ->data; - GPR_ASSERT(data != nullptr); - grpc_slice* application_protocol = (grpc_slice*)data; - data = (static_cast(req->client_start.record_protocols.arg)) - ->data; - grpc_slice* record_protocol = (grpc_slice*)data; - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*application_protocol), - ALTS_APPLICATION_PROTOCOL, - GRPC_SLICE_LENGTH(*application_protocol)) == 0); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*record_protocol), - ALTS_RECORD_PROTOCOL, - GRPC_SLICE_LENGTH(*record_protocol)) == 0); - validate_rpc_protocol_versions(&req->client_start.rpc_versions); - validate_target_identities( - static_cast(req->client_start.target_identities.arg)); - grpc_slice* target_name = - static_cast(req->client_start.target_name.arg); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*target_name), - ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME, - GRPC_SLICE_LENGTH(*target_name)) == 0); - GPR_ASSERT(GRPC_SLICE_LENGTH(*target_name) == - strlen(ALTS_HANDSHAKER_CLIENT_TEST_TARGET_NAME)); - GPR_ASSERT(validate_op(event, op, nops, true /* is_start */)); - grpc_gcp_handshaker_req_destroy(req); - return GRPC_CALL_OK; -} - -/** - * A mock grpc_caller used to check correct execution of server_start operation. - * It checks if the server_start handshaker request is populated with correct - * handshake_security_protocol, application_protocol, and record_protocol, and - * op is correctly populated. - */ -static grpc_call_error check_server_start_success(grpc_call* call, - const grpc_op* op, - size_t nops, void* tag) { - alts_tsi_event* event = static_cast(tag); - grpc_gcp_handshaker_req* req = - deserialize_handshaker_req(SERVER_START_REQ, event->send_buffer); - const void* data = (static_cast( - req->server_start.application_protocols.arg)) - ->data; - GPR_ASSERT(data != nullptr); - grpc_slice* application_protocol = (grpc_slice*)data; - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*application_protocol), - ALTS_APPLICATION_PROTOCOL, - GRPC_SLICE_LENGTH(*application_protocol)) == 0); - GPR_ASSERT(req->server_start.handshake_parameters_count == 1); - GPR_ASSERT(req->server_start.handshake_parameters[0].key == - grpc_gcp_HandshakeProtocol_ALTS); - data = (static_cast(req->server_start.handshake_parameters[0] - .value.record_protocols.arg)) - ->data; - GPR_ASSERT(data != nullptr); - grpc_slice* record_protocol = (grpc_slice*)data; - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*record_protocol), - ALTS_RECORD_PROTOCOL, - GRPC_SLICE_LENGTH(*record_protocol)) == 0); - validate_rpc_protocol_versions(&req->server_start.rpc_versions); - GPR_ASSERT(validate_op(event, op, nops, true /* is_start */)); - grpc_gcp_handshaker_req_destroy(req); - return GRPC_CALL_OK; -} - -/** - * A mock grpc_caller used to check correct execution of next operation. It - * checks if the next handshaker request is populated with correct information, - * and op is correctly populated. - */ -static grpc_call_error check_next_success(grpc_call* call, const grpc_op* op, - size_t nops, void* tag) { - alts_tsi_event* event = static_cast(tag); - grpc_gcp_handshaker_req* req = - deserialize_handshaker_req(NEXT_REQ, event->send_buffer); - grpc_slice* in_bytes = static_cast(req->next.in_bytes.arg); - GPR_ASSERT(in_bytes != nullptr); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*in_bytes), - ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME, - GRPC_SLICE_LENGTH(*in_bytes)) == 0); - GPR_ASSERT(validate_op(event, op, nops, false /* is_start */)); - grpc_gcp_handshaker_req_destroy(req); - return GRPC_CALL_OK; -} -/** - * A mock grpc_caller used to check if client_start, server_start, and next - * operations correctly handle the situation when the grpc call made to the - * handshaker service fails. - */ -static grpc_call_error check_grpc_call_failure(grpc_call* call, - const grpc_op* op, size_t nops, - void* tag) { - return GRPC_CALL_ERROR; -} - -static alts_handshaker_client_test_config* create_config() { - alts_handshaker_client_test_config* config = - static_cast( - gpr_zalloc(sizeof(*config))); - config->channel = grpc_insecure_channel_create( - ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL, nullptr, nullptr); - config->cq = grpc_completion_queue_create_for_next(nullptr); - config->client = alts_grpc_handshaker_client_create( - config->channel, config->cq, - ALTS_HANDSHAKER_CLIENT_TEST_HANDSHAKER_SERVICE_URL); - GPR_ASSERT(config->client != nullptr); - config->out_frame = - grpc_slice_from_static_string(ALTS_HANDSHAKER_CLIENT_TEST_OUT_FRAME); - return config; -} - -static void destroy_config(alts_handshaker_client_test_config* config) { - if (config == nullptr) { - return; - } - grpc_completion_queue_destroy(config->cq); - grpc_channel_destroy(config->channel); - alts_handshaker_client_destroy(config->client); - grpc_slice_unref(config->out_frame); - gpr_free(config); -} - -static void schedule_request_invalid_arg_test() { - /* Initialization. */ - alts_handshaker_client_test_config* config = create_config(); - alts_tsi_event* event = nullptr; - - /* Tests. */ - alts_handshaker_client_set_grpc_caller_for_testing(config->client, - check_must_not_be_called); - event = alts_tsi_event_create_for_testing(true /* is_client */); - /* Check client_start. */ - GPR_ASSERT(alts_handshaker_client_start_client(nullptr, event) == - TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_start_client(config->client, nullptr) == - TSI_INVALID_ARGUMENT); - - /* Check server_start. */ - GPR_ASSERT(alts_handshaker_client_start_server( - config->client, event, nullptr) == TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_start_server(config->client, nullptr, - &config->out_frame) == - TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_start_server( - nullptr, event, &config->out_frame) == TSI_INVALID_ARGUMENT); - - /* Check next. */ - GPR_ASSERT(alts_handshaker_client_next(config->client, event, nullptr) == - TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_next(config->client, nullptr, - &config->out_frame) == - TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_handshaker_client_next(nullptr, event, &config->out_frame) == - TSI_INVALID_ARGUMENT); - - /* Cleanup. */ - alts_tsi_event_destroy(event); - destroy_config(config); -} - -static void schedule_request_success_test() { - /* Initialization. */ - alts_handshaker_client_test_config* config = create_config(); - alts_tsi_event* event = nullptr; - - /* Check client_start success. */ - alts_handshaker_client_set_grpc_caller_for_testing( - config->client, check_client_start_success); - event = alts_tsi_event_create_for_testing(true /* is_client. */); - GPR_ASSERT(alts_handshaker_client_start_client(config->client, event) == - TSI_OK); - alts_tsi_event_destroy(event); - - /* Check server_start success. */ - alts_handshaker_client_set_grpc_caller_for_testing( - config->client, check_server_start_success); - event = alts_tsi_event_create_for_testing(false /* is_client. */); - GPR_ASSERT(alts_handshaker_client_start_server(config->client, event, - &config->out_frame) == TSI_OK); - alts_tsi_event_destroy(event); - - /* Check next success. */ - alts_handshaker_client_set_grpc_caller_for_testing(config->client, - check_next_success); - event = alts_tsi_event_create_for_testing(true /* is_client. */); - GPR_ASSERT(alts_handshaker_client_next(config->client, event, - &config->out_frame) == TSI_OK); - alts_tsi_event_destroy(event); - - /* Cleanup. */ - destroy_config(config); -} - -static void schedule_request_grpc_call_failure_test() { - /* Initialization. */ - alts_handshaker_client_test_config* config = create_config(); - alts_tsi_event* event = nullptr; - - /* Check client_start failure. */ - alts_handshaker_client_set_grpc_caller_for_testing(config->client, - check_grpc_call_failure); - event = alts_tsi_event_create_for_testing(true /* is_client. */); - GPR_ASSERT(alts_handshaker_client_start_client(config->client, event) == - TSI_INTERNAL_ERROR); - alts_tsi_event_destroy(event); - - /* Check server_start failure. */ - event = alts_tsi_event_create_for_testing(false /* is_client. */); - GPR_ASSERT(alts_handshaker_client_start_server(config->client, event, - &config->out_frame) == - TSI_INTERNAL_ERROR); - alts_tsi_event_destroy(event); - - /* Check next failure. */ - event = alts_tsi_event_create_for_testing(true /* is_cleint. */); - GPR_ASSERT( - alts_handshaker_client_next(config->client, event, &config->out_frame) == - TSI_INTERNAL_ERROR); - alts_tsi_event_destroy(event); - - /* Cleanup. */ - destroy_config(config); -} - -int main(int argc, char** argv) { - /* Initialization. */ - grpc_init(); - - /* Tests. */ - schedule_request_invalid_arg_test(); - schedule_request_success_test(); - schedule_request_grpc_call_failure_test(); - - /* Cleanup. */ - grpc_shutdown(); - return 0; -} diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc deleted file mode 100644 index 3506264f52..0000000000 --- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test.cc +++ /dev/null @@ -1,149 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include -#include - -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -int main(int argc, char** argv) { - const char in_bytes[] = "HELLO GOOGLE!"; - const char out_frames[] = "HELLO WORLD!"; - const char key_data[] = "THIS IS KEY DATA."; - const char details[] = "DETAILS NEED TO BE POPULATED"; - const uint32_t max_rpc_version_major = 3; - const uint32_t max_rpc_version_minor = 2; - const uint32_t min_rpc_version_major = 2; - const uint32_t min_rpc_version_minor = 1; - - /* handshaker_req_next. */ - grpc_gcp_handshaker_req* req = grpc_gcp_handshaker_req_create(NEXT_REQ); - grpc_gcp_handshaker_req* decoded_req = - grpc_gcp_handshaker_decoded_req_create(NEXT_REQ); - GPR_ASSERT( - grpc_gcp_handshaker_req_set_in_bytes(req, in_bytes, strlen(in_bytes))); - grpc_slice encoded_req; - GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req)); - grpc_gcp_handshaker_req_destroy(req); - grpc_gcp_handshaker_req_destroy(decoded_req); - grpc_slice_unref(encoded_req); - - /* handshaker_req_client_start. */ - req = grpc_gcp_handshaker_req_create(CLIENT_START_REQ); - decoded_req = grpc_gcp_handshaker_decoded_req_create(CLIENT_START_REQ); - GPR_ASSERT(grpc_gcp_handshaker_req_set_handshake_protocol( - req, grpc_gcp_HandshakeProtocol_TLS)); - GPR_ASSERT(grpc_gcp_handshaker_req_set_local_identity_hostname( - req, "www.google.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_local_endpoint( - req, "2001:db8::8:800:200C:417a", 9876, grpc_gcp_NetworkProtocol_TCP)); - GPR_ASSERT(grpc_gcp_handshaker_req_set_remote_endpoint( - req, "2001:db8::bac5::fed0:84a2", 1234, grpc_gcp_NetworkProtocol_TCP)); - GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "grpc")); - GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "http2")); - GPR_ASSERT( - grpc_gcp_handshaker_req_add_record_protocol(req, "ALTSRP_GCM_AES256")); - GPR_ASSERT( - grpc_gcp_handshaker_req_add_record_protocol(req, "ALTSRP_GCM_AES384")); - GPR_ASSERT(grpc_gcp_handshaker_req_add_target_identity_service_account( - req, "foo@google.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_target_name( - req, "google.example.library.service")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_rpc_versions( - req, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major, - min_rpc_version_minor)); - GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req)); - grpc_gcp_handshaker_req_destroy(req); - grpc_gcp_handshaker_req_destroy(decoded_req); - grpc_slice_unref(encoded_req); - - /* handshaker_req_server_start. */ - req = grpc_gcp_handshaker_req_create(SERVER_START_REQ); - decoded_req = grpc_gcp_handshaker_decoded_req_create(SERVER_START_REQ); - GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "grpc")); - GPR_ASSERT(grpc_gcp_handshaker_req_add_application_protocol(req, "http2")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_local_endpoint( - req, "2001:db8::8:800:200C:417a", 9876, grpc_gcp_NetworkProtocol_TCP)); - GPR_ASSERT(grpc_gcp_handshaker_req_set_remote_endpoint( - req, "2001:db8::bac5::fed0:84a2", 1234, grpc_gcp_NetworkProtocol_UDP)); - GPR_ASSERT( - grpc_gcp_handshaker_req_set_in_bytes(req, in_bytes, strlen(in_bytes))); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_record_protocol( - req, grpc_gcp_HandshakeProtocol_TLS, "ALTSRP_GCM_AES128")); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_service_account( - req, grpc_gcp_HandshakeProtocol_TLS, "foo@google.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_hostname( - req, grpc_gcp_HandshakeProtocol_TLS, "yihuaz0.mtv.corp.google.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_record_protocol( - req, grpc_gcp_HandshakeProtocol_ALTS, "ALTSRP_GCM_AES128")); - GPR_ASSERT(grpc_gcp_handshaker_req_param_add_local_identity_hostname( - req, grpc_gcp_HandshakeProtocol_ALTS, "www.amazon.com")); - GPR_ASSERT(grpc_gcp_handshaker_req_set_rpc_versions( - req, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major, - min_rpc_version_minor)); - - GPR_ASSERT(grpc_gcp_handshaker_req_encode(req, &encoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_decode(encoded_req, decoded_req)); - GPR_ASSERT(grpc_gcp_handshaker_req_equals(req, decoded_req)); - grpc_gcp_handshaker_req_destroy(req); - grpc_gcp_handshaker_req_destroy(decoded_req); - grpc_slice_unref(encoded_req); - - /* handshaker_resp. */ - grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create(); - grpc_gcp_handshaker_resp* decoded_resp = grpc_gcp_handshaker_resp_create(); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames(resp, out_frames, - strlen(out_frames))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed(resp, 1024)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_application_protocol(resp, "http")); - GPR_ASSERT( - grpc_gcp_handshaker_resp_set_record_protocol(resp, "ALTSRP_GCM_AES128")); - GPR_ASSERT( - grpc_gcp_handshaker_resp_set_key_data(resp, key_data, strlen(key_data))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_local_identity_hostname( - resp, "www.faceboook.com")); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_hostname( - resp, "www.amazon.com")); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_channel_open( - resp, false /* channel_open */)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_code(resp, 1023)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_details(resp, details)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions( - resp, max_rpc_version_major, max_rpc_version_minor, min_rpc_version_major, - min_rpc_version_minor)); - grpc_slice encoded_resp; - GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &encoded_resp)); - GPR_ASSERT(grpc_gcp_handshaker_resp_decode(encoded_resp, decoded_resp)); - GPR_ASSERT(grpc_gcp_handshaker_resp_equals(resp, decoded_resp)); - grpc_gcp_handshaker_resp_destroy(resp); - grpc_gcp_handshaker_resp_destroy(decoded_resp); - grpc_slice_unref(encoded_resp); - /* Test invalid arguments. */ - GPR_ASSERT(!grpc_gcp_handshaker_req_set_in_bytes(nullptr, in_bytes, - strlen(in_bytes))); - GPR_ASSERT(!grpc_gcp_handshaker_req_param_add_record_protocol( - req, grpc_gcp_HandshakeProtocol_TLS, nullptr)); - GPR_ASSERT(!grpc_gcp_handshaker_req_param_add_local_identity_service_account( - nullptr, grpc_gcp_HandshakeProtocol_TLS, nullptr)); - GPR_ASSERT(!grpc_gcp_handshaker_resp_set_record_protocol(nullptr, nullptr)); -} diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc deleted file mode 100644 index ecca04defa..0000000000 --- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.cc +++ /dev/null @@ -1,642 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -const size_t kHandshakeProtocolNum = 3; - -grpc_gcp_handshaker_req* grpc_gcp_handshaker_decoded_req_create( - grpc_gcp_handshaker_req_type type) { - grpc_gcp_handshaker_req* req = - static_cast(gpr_zalloc(sizeof(*req))); - switch (type) { - case CLIENT_START_REQ: - req->has_client_start = true; - req->client_start.target_identities.funcs.decode = - decode_repeated_identity_cb; - req->client_start.application_protocols.funcs.decode = - decode_repeated_string_cb; - req->client_start.record_protocols.funcs.decode = - decode_repeated_string_cb; - req->client_start.local_identity.hostname.funcs.decode = - decode_string_or_bytes_cb; - req->client_start.local_identity.service_account.funcs.decode = - decode_string_or_bytes_cb; - req->client_start.local_endpoint.ip_address.funcs.decode = - decode_string_or_bytes_cb; - req->client_start.remote_endpoint.ip_address.funcs.decode = - decode_string_or_bytes_cb; - req->client_start.target_name.funcs.decode = decode_string_or_bytes_cb; - break; - case SERVER_START_REQ: - req->has_server_start = true; - req->server_start.application_protocols.funcs.decode = - &decode_repeated_string_cb; - for (size_t i = 0; i < kHandshakeProtocolNum; i++) { - req->server_start.handshake_parameters[i] - .value.local_identities.funcs.decode = &decode_repeated_identity_cb; - req->server_start.handshake_parameters[i] - .value.record_protocols.funcs.decode = &decode_repeated_string_cb; - } - req->server_start.in_bytes.funcs.decode = decode_string_or_bytes_cb; - req->server_start.local_endpoint.ip_address.funcs.decode = - decode_string_or_bytes_cb; - req->server_start.remote_endpoint.ip_address.funcs.decode = - decode_string_or_bytes_cb; - break; - case NEXT_REQ: - req->has_next = true; - break; - } - return req; -} - -bool grpc_gcp_handshaker_resp_set_application_protocol( - grpc_gcp_handshaker_resp* resp, const char* application_protocol) { - if (resp == nullptr || application_protocol == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "handshaker_resp_set_application_protocol()."); - return false; - } - resp->has_result = true; - grpc_slice* slice = - create_slice(application_protocol, strlen(application_protocol)); - resp->result.application_protocol.arg = slice; - resp->result.application_protocol.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_resp_set_record_protocol( - grpc_gcp_handshaker_resp* resp, const char* record_protocol) { - if (resp == nullptr || record_protocol == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "handshaker_resp_set_record_protocol()."); - return false; - } - resp->has_result = true; - grpc_slice* slice = create_slice(record_protocol, strlen(record_protocol)); - resp->result.record_protocol.arg = slice; - resp->result.record_protocol.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_resp_set_key_data(grpc_gcp_handshaker_resp* resp, - const char* key_data, size_t size) { - if (resp == nullptr || key_data == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to handshaker_resp_set_key_data()."); - return false; - } - resp->has_result = true; - grpc_slice* slice = create_slice(key_data, size); - resp->result.key_data.arg = slice; - resp->result.key_data.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -static void set_identity_hostname(grpc_gcp_identity* identity, - const char* hostname) { - grpc_slice* slice = create_slice(hostname, strlen(hostname)); - identity->hostname.arg = slice; - identity->hostname.funcs.encode = encode_string_or_bytes_cb; -} - -static void set_identity_service_account(grpc_gcp_identity* identity, - const char* service_account) { - grpc_slice* slice = create_slice(service_account, strlen(service_account)); - identity->service_account.arg = slice; - identity->service_account.funcs.encode = encode_string_or_bytes_cb; -} - -bool grpc_gcp_handshaker_resp_set_local_identity_hostname( - grpc_gcp_handshaker_resp* resp, const char* hostname) { - if (resp == nullptr || hostname == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_local_identity_hostname()."); - return false; - } - resp->has_result = true; - resp->result.has_local_identity = true; - set_identity_hostname(&resp->result.local_identity, hostname); - return true; -} - -bool grpc_gcp_handshaker_resp_set_local_identity_service_account( - grpc_gcp_handshaker_resp* resp, const char* service_account) { - if (resp == nullptr || service_account == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_local_identity_service_account()."); - return false; - } - resp->has_result = true; - resp->result.has_local_identity = true; - set_identity_service_account(&resp->result.local_identity, service_account); - return true; -} - -bool grpc_gcp_handshaker_resp_set_peer_identity_hostname( - grpc_gcp_handshaker_resp* resp, const char* hostname) { - if (resp == nullptr || hostname == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_peer_identity_hostname()."); - return false; - } - resp->has_result = true; - resp->result.has_peer_identity = true; - set_identity_hostname(&resp->result.peer_identity, hostname); - return true; -} - -bool grpc_gcp_handshaker_resp_set_peer_identity_service_account( - grpc_gcp_handshaker_resp* resp, const char* service_account) { - if (resp == nullptr || service_account == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_peer_identity_service_account()."); - return false; - } - resp->has_result = true; - resp->result.has_peer_identity = true; - set_identity_service_account(&resp->result.peer_identity, service_account); - return true; -} - -bool grpc_gcp_handshaker_resp_set_channel_open(grpc_gcp_handshaker_resp* resp, - bool keep_channel_open) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to " - "grpc_gcp_handshaker_resp_set_channel_open()."); - return false; - } - resp->has_result = true; - resp->result.has_keep_channel_open = true; - resp->result.keep_channel_open = keep_channel_open; - return true; -} - -bool grpc_gcp_handshaker_resp_set_code(grpc_gcp_handshaker_resp* resp, - uint32_t code) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to grpc_gcp_handshaker_resp_set_code()."); - return false; - } - resp->has_status = true; - resp->status.has_code = true; - resp->status.code = code; - return true; -} - -bool grpc_gcp_handshaker_resp_set_details(grpc_gcp_handshaker_resp* resp, - const char* details) { - if (resp == nullptr || details == nullptr) { - gpr_log( - GPR_ERROR, - "Invalid nullptr arguments to grpc_gcp_handshaker_resp_set_details()."); - return false; - } - resp->has_status = true; - grpc_slice* slice = create_slice(details, strlen(details)); - resp->status.details.arg = slice; - resp->status.details.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_resp_set_out_frames(grpc_gcp_handshaker_resp* resp, - const char* out_frames, - size_t size) { - if (resp == nullptr || out_frames == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to " - "grpc_gcp_handshaker_resp_set_out_frames()."); - return false; - } - grpc_slice* slice = create_slice(out_frames, size); - resp->out_frames.arg = slice; - resp->out_frames.funcs.encode = encode_string_or_bytes_cb; - return true; -} - -bool grpc_gcp_handshaker_resp_set_bytes_consumed(grpc_gcp_handshaker_resp* resp, - int32_t bytes_consumed) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to " - "grpc_gcp_handshaker_resp_set_bytes_consumed()."); - return false; - } - resp->has_bytes_consumed = true; - resp->bytes_consumed = bytes_consumed; - return true; -} - -bool grpc_gcp_handshaker_resp_set_peer_rpc_versions( - grpc_gcp_handshaker_resp* resp, uint32_t max_major, uint32_t max_minor, - uint32_t min_major, uint32_t min_minor) { - if (resp == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to " - "grpc_gcp_handshaker_resp_set_peer_rpc_versions()."); - return false; - } - resp->has_result = true; - resp->result.has_peer_rpc_versions = true; - grpc_gcp_rpc_protocol_versions* versions = &resp->result.peer_rpc_versions; - versions->has_max_rpc_version = true; - versions->has_min_rpc_version = true; - versions->max_rpc_version.has_major = true; - versions->max_rpc_version.has_minor = true; - versions->min_rpc_version.has_major = true; - versions->min_rpc_version.has_minor = true; - versions->max_rpc_version.major = max_major; - versions->max_rpc_version.minor = max_minor; - versions->min_rpc_version.major = min_major; - versions->min_rpc_version.minor = min_minor; - return true; -} - -bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp, - grpc_slice* slice) { - if (resp == nullptr || slice == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr arguments to grpc_gcp_handshaker_resp_encode()."); - return false; - } - pb_ostream_t size_stream; - memset(&size_stream, 0, sizeof(pb_ostream_t)); - if (!pb_encode(&size_stream, grpc_gcp_HandshakerResp_fields, resp)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream)); - return false; - } - size_t encoded_length = size_stream.bytes_written; - *slice = grpc_slice_malloc(encoded_length); - pb_ostream_t output_stream = - pb_ostream_from_buffer(GRPC_SLICE_START_PTR(*slice), encoded_length); - if (!pb_encode(&output_stream, grpc_gcp_HandshakerResp_fields, resp)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&size_stream)); - return false; - } - return true; -} - -bool grpc_gcp_handshaker_req_decode(grpc_slice slice, - grpc_gcp_handshaker_req* req) { - if (req == nullptr) { - gpr_log(GPR_ERROR, - "Invalid nullptr argument to grpc_gcp_handshaker_req_decode()."); - return false; - } - pb_istream_t stream = pb_istream_from_buffer(GRPC_SLICE_START_PTR(slice), - GRPC_SLICE_LENGTH(slice)); - req->next.in_bytes.funcs.decode = decode_string_or_bytes_cb; - if (!pb_decode(&stream, grpc_gcp_HandshakerReq_fields, req)) { - gpr_log(GPR_ERROR, "nanopb error: %s", PB_GET_ERROR(&stream)); - return false; - } - return true; -} - -/* Check equality of a pair of grpc_slice fields. */ -static bool slice_equals(grpc_slice* l_slice, grpc_slice* r_slice) { - if (l_slice == nullptr && r_slice == nullptr) { - return true; - } - if (l_slice != nullptr && r_slice != nullptr) { - return grpc_slice_eq(*l_slice, *r_slice); - } - return false; -} - -/* Check equality of a pair of grpc_gcp_identity fields. */ -static bool handshaker_identity_equals(const grpc_gcp_identity* l_id, - const grpc_gcp_identity* r_id) { - if (!((l_id->hostname.arg != nullptr) != (r_id->hostname.arg != nullptr))) { - if (l_id->hostname.arg != nullptr) { - return slice_equals(static_cast(l_id->hostname.arg), - static_cast(r_id->hostname.arg)); - } - } else { - return false; - } - if (!((l_id->service_account.arg != nullptr) != - (r_id->service_account.arg != nullptr))) { - if (l_id->service_account.arg != nullptr) { - return slice_equals(static_cast(l_id->service_account.arg), - static_cast(r_id->service_account.arg)); - } - } else { - return false; - } - return true; -} - -static bool handshaker_rpc_versions_equals( - const grpc_gcp_rpc_protocol_versions* l_version, - const grpc_gcp_rpc_protocol_versions* r_version) { - bool result = true; - result &= - (l_version->max_rpc_version.major == r_version->max_rpc_version.major); - result &= - (l_version->max_rpc_version.minor == r_version->max_rpc_version.minor); - result &= - (l_version->min_rpc_version.major == r_version->min_rpc_version.major); - result &= - (l_version->min_rpc_version.minor == r_version->min_rpc_version.minor); - return result; -} - -/* Check equality of a pair of grpc_gcp_endpoint fields. */ -static bool handshaker_endpoint_equals(const grpc_gcp_endpoint* l_end, - const grpc_gcp_endpoint* r_end) { - bool result = true; - result &= (l_end->port == r_end->port); - result &= (l_end->protocol == r_end->protocol); - if (!((l_end->ip_address.arg != nullptr) != - (r_end->ip_address.arg != nullptr))) { - if (l_end->ip_address.arg != nullptr) { - result &= slice_equals(static_cast(l_end->ip_address.arg), - static_cast(r_end->ip_address.arg)); - } - } else { - return false; - } - return result; -} -/** - * Check if a specific repeated field (i.e., target) is contained in a repeated - * field list (i.e., head). - */ -static bool repeated_field_list_contains_identity( - const repeated_field* head, const repeated_field* target) { - repeated_field* field = const_cast(head); - while (field != nullptr) { - if (handshaker_identity_equals( - static_cast(field->data), - static_cast(target->data))) { - return true; - } - field = field->next; - } - return false; -} - -static bool repeated_field_list_contains_string(const repeated_field* head, - const repeated_field* target) { - repeated_field* field = const_cast(head); - while (field != nullptr) { - if (slice_equals((grpc_slice*)field->data, (grpc_slice*)target->data)) { - return true; - } - field = field->next; - } - return false; -} - -/* Return a length of repeated field list. */ -static size_t repeated_field_list_get_length(const repeated_field* head) { - repeated_field* field = const_cast(head); - size_t len = 0; - while (field != nullptr) { - len++; - field = field->next; - } - return len; -} - -/** - * Check if a pair of repeated field lists contain the same set of repeated - * fields. - */ -static bool repeated_field_list_equals_identity(const repeated_field* l_head, - const repeated_field* r_head) { - if (repeated_field_list_get_length(l_head) != - repeated_field_list_get_length(r_head)) { - return false; - } - repeated_field* field = const_cast(l_head); - repeated_field* head = const_cast(r_head); - while (field != nullptr) { - if (!repeated_field_list_contains_identity(head, field)) { - return false; - } - field = field->next; - } - return true; -} - -static bool repeated_field_list_equals_string(const repeated_field* l_head, - const repeated_field* r_head) { - if (repeated_field_list_get_length(l_head) != - repeated_field_list_get_length(r_head)) { - return false; - } - repeated_field* field = const_cast(l_head); - repeated_field* head = const_cast(r_head); - while (field != nullptr) { - if (!repeated_field_list_contains_string(head, field)) { - return false; - } - field = field->next; - } - return true; -} - -/* Check equality of a pair of ALTS client_start handshake requests. */ -bool grpc_gcp_handshaker_client_start_req_equals( - grpc_gcp_start_client_handshake_req* l_req, - grpc_gcp_start_client_handshake_req* r_req) { - bool result = true; - /* Compare handshake_security_protocol. */ - result &= - l_req->handshake_security_protocol == r_req->handshake_security_protocol; - /* Compare application_protocols, record_protocols, and target_identities. */ - result &= repeated_field_list_equals_string( - static_cast(l_req->application_protocols.arg), - static_cast(r_req->application_protocols.arg)); - result &= repeated_field_list_equals_string( - static_cast(l_req->record_protocols.arg), - static_cast(r_req->record_protocols.arg)); - result &= repeated_field_list_equals_identity( - static_cast(l_req->target_identities.arg), - static_cast(r_req->target_identities.arg)); - if ((l_req->has_local_identity ^ r_req->has_local_identity) | - (l_req->has_local_endpoint ^ r_req->has_local_endpoint) | - ((l_req->has_remote_endpoint ^ r_req->has_remote_endpoint)) | - (l_req->has_rpc_versions ^ r_req->has_rpc_versions)) { - return false; - } - /* Compare local_identity, local_endpoint, and remote_endpoint. */ - if (l_req->has_local_identity) { - result &= handshaker_identity_equals(&l_req->local_identity, - &r_req->local_identity); - } - if (l_req->has_local_endpoint) { - result &= handshaker_endpoint_equals(&l_req->local_endpoint, - &r_req->local_endpoint); - } - if (l_req->has_remote_endpoint) { - result &= handshaker_endpoint_equals(&l_req->remote_endpoint, - &r_req->remote_endpoint); - } - if (l_req->has_rpc_versions) { - result &= handshaker_rpc_versions_equals(&l_req->rpc_versions, - &r_req->rpc_versions); - } - return result; -} - -/* Check equality of a pair of ALTS server_start handshake requests. */ -bool grpc_gcp_handshaker_server_start_req_equals( - grpc_gcp_start_server_handshake_req* l_req, - grpc_gcp_start_server_handshake_req* r_req) { - bool result = true; - /* Compare application_protocols. */ - result &= repeated_field_list_equals_string( - static_cast(l_req->application_protocols.arg), - static_cast(r_req->application_protocols.arg)); - /* Compare handshake_parameters. */ - size_t i = 0, j = 0; - result &= - (l_req->handshake_parameters_count == r_req->handshake_parameters_count); - for (i = 0; i < l_req->handshake_parameters_count; i++) { - bool found = false; - for (j = 0; j < r_req->handshake_parameters_count; j++) { - if (l_req->handshake_parameters[i].key == - r_req->handshake_parameters[j].key) { - found = true; - result &= repeated_field_list_equals_string( - static_cast( - l_req->handshake_parameters[i].value.record_protocols.arg), - static_cast( - r_req->handshake_parameters[j].value.record_protocols.arg)); - result &= repeated_field_list_equals_identity( - static_cast( - l_req->handshake_parameters[i].value.local_identities.arg), - static_cast( - r_req->handshake_parameters[j].value.local_identities.arg)); - } - } - if (!found) { - return false; - } - } - /* Compare in_bytes, local_endpoint, remote_endpoint. */ - result &= slice_equals(static_cast(l_req->in_bytes.arg), - static_cast(r_req->in_bytes.arg)); - if ((l_req->has_local_endpoint ^ r_req->has_local_endpoint) | - (l_req->has_remote_endpoint ^ r_req->has_remote_endpoint) | - (l_req->has_rpc_versions ^ r_req->has_rpc_versions)) - return false; - if (l_req->has_local_endpoint) { - result &= handshaker_endpoint_equals(&l_req->local_endpoint, - &r_req->local_endpoint); - } - if (l_req->has_remote_endpoint) { - result &= handshaker_endpoint_equals(&l_req->remote_endpoint, - &r_req->remote_endpoint); - } - if (l_req->has_rpc_versions) { - result &= handshaker_rpc_versions_equals(&l_req->rpc_versions, - &r_req->rpc_versions); - } - return result; -} - -/* Check equality of a pair of ALTS handshake requests. */ -bool grpc_gcp_handshaker_req_equals(grpc_gcp_handshaker_req* l_req, - grpc_gcp_handshaker_req* r_req) { - if (l_req->has_next && r_req->has_next) { - return slice_equals(static_cast(l_req->next.in_bytes.arg), - static_cast(r_req->next.in_bytes.arg)); - } else if (l_req->has_client_start && r_req->has_client_start) { - return grpc_gcp_handshaker_client_start_req_equals(&l_req->client_start, - &r_req->client_start); - } else if (l_req->has_server_start && r_req->has_server_start) { - return grpc_gcp_handshaker_server_start_req_equals(&l_req->server_start, - &r_req->server_start); - } - return false; -} - -/* Check equality of a pair of ALTS handshake results. */ -bool grpc_gcp_handshaker_resp_result_equals( - grpc_gcp_handshaker_result* l_result, - grpc_gcp_handshaker_result* r_result) { - bool result = true; - /* Compare application_protocol, record_protocol, and key_data. */ - result &= slice_equals( - static_cast(l_result->application_protocol.arg), - static_cast(r_result->application_protocol.arg)); - result &= - slice_equals(static_cast(l_result->record_protocol.arg), - static_cast(r_result->record_protocol.arg)); - result &= slice_equals(static_cast(l_result->key_data.arg), - static_cast(r_result->key_data.arg)); - /* Compare local_identity, peer_identity, and keep_channel_open. */ - if ((l_result->has_local_identity ^ r_result->has_local_identity) | - (l_result->has_peer_identity ^ r_result->has_peer_identity) | - (l_result->has_peer_rpc_versions ^ r_result->has_peer_rpc_versions)) { - return false; - } - if (l_result->has_local_identity) { - result &= handshaker_identity_equals(&l_result->local_identity, - &r_result->local_identity); - } - if (l_result->has_peer_identity) { - result &= handshaker_identity_equals(&l_result->peer_identity, - &r_result->peer_identity); - } - if (l_result->has_peer_rpc_versions) { - result &= handshaker_rpc_versions_equals(&l_result->peer_rpc_versions, - &r_result->peer_rpc_versions); - } - result &= (l_result->keep_channel_open == r_result->keep_channel_open); - return result; -} - -/* Check equality of a pair of ALTS handshake responses. */ -bool grpc_gcp_handshaker_resp_equals(grpc_gcp_handshaker_resp* l_resp, - grpc_gcp_handshaker_resp* r_resp) { - bool result = true; - /* Compare out_frames and bytes_consumed. */ - result &= slice_equals(static_cast(l_resp->out_frames.arg), - static_cast(r_resp->out_frames.arg)); - result &= (l_resp->bytes_consumed == r_resp->bytes_consumed); - /* Compare result and status. */ - if ((l_resp->has_result ^ r_resp->has_result) | - (l_resp->has_status ^ r_resp->has_status)) { - return false; - } - if (l_resp->has_result) { - result &= grpc_gcp_handshaker_resp_result_equals(&l_resp->result, - &r_resp->result); - } - if (l_resp->has_status) { - result &= (l_resp->status.code == r_resp->status.code); - result &= - slice_equals(static_cast(l_resp->status.details.arg), - static_cast(r_resp->status.details.arg)); - } - return result; -} diff --git a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h b/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h deleted file mode 100644 index 2fcbb4ea99..0000000000 --- a/test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h +++ /dev/null @@ -1,143 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H -#define GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H - -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h" -#include "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h" -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -/** - * The first part of this file contains function signatures for de-serializing - * ALTS handshake requests and setting/serializing ALTS handshake responses, - * which simulate the behaviour of grpc server that runs ALTS handshaker - * service. - */ - -/** - * This method creates a ALTS handshaker request that is used to hold - * de-serialized result. - */ -grpc_gcp_handshaker_req* grpc_gcp_handshaker_decoded_req_create( - grpc_gcp_handshaker_req_type type); - -/* This method de-serializes a ALTS handshaker request. */ -bool grpc_gcp_handshaker_req_decode(grpc_slice slice, - grpc_gcp_handshaker_req* req); - -/* This method serializes a ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp, - grpc_slice* slice); - -/* This method sets application protocol of ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_application_protocol( - grpc_gcp_handshaker_resp* resp, const char* application_protocol); - -/* This method sets record protocol of ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_record_protocol( - grpc_gcp_handshaker_resp* resp, const char* record_protocol); - -/* This method sets key_data of ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_key_data(grpc_gcp_handshaker_resp* resp, - const char* key_data, size_t size); - -/* This method sets local identity's hostname for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_local_identity_hostname( - grpc_gcp_handshaker_resp* resp, const char* hostname); - -/** - * This method sets local identity's service account for ALTS handshaker - * response. - */ -bool grpc_gcp_handshaker_resp_set_local_identity_service_account( - grpc_gcp_handshaker_resp* resp, const char* service_account); - -/* This method sets peer identity's hostname for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_peer_identity_hostname( - grpc_gcp_handshaker_resp* resp, const char* hostname); - -/** - * This method sets peer identity's service account for ALTS handshaker - * response. - */ -bool grpc_gcp_handshaker_resp_set_peer_identity_service_account( - grpc_gcp_handshaker_resp* resp, const char* service_account); - -/* This method sets keep_channel_open for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_channel_open(grpc_gcp_handshaker_resp* resp, - bool keep_channel_open); - -/* This method sets code for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_code(grpc_gcp_handshaker_resp* resp, - uint32_t code); - -/* This method sets details for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_details(grpc_gcp_handshaker_resp* resp, - const char* details); - -/* This method sets out_frames for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_out_frames(grpc_gcp_handshaker_resp* resp, - const char* out_frames, - size_t size); - -/* This method sets peer_rpc_versions for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_peer_rpc_versions( - grpc_gcp_handshaker_resp* resp, uint32_t max_major, uint32_t max_minor, - uint32_t min_major, uint32_t min_minor); - -/* This method sets bytes_consumed for ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_set_bytes_consumed(grpc_gcp_handshaker_resp* resp, - int32_t bytes_consumed); - -/* This method serializes ALTS handshaker response. */ -bool grpc_gcp_handshaker_resp_encode(grpc_gcp_handshaker_resp* resp, - grpc_slice* slice); - -/* This method de-serializes ALTS handshaker request. */ -bool grpc_gcp_handshaker_req_decode(grpc_slice slice, - grpc_gcp_handshaker_req* req); - -/** - * The second part contains function signatures for checking equality of a pair - * of ALTS handshake requests/responses. - */ - -/* This method checks equality of two client_start handshaker requests. */ -bool grpc_gcp_handshaker_client_start_req_equals( - grpc_gcp_start_client_handshake_req* l_req, - grpc_gcp_start_client_handshake_req* r_req); - -/* This method checks equality of two server_start handshaker requests. */ -bool grpc_gcp_handshaker_server_start_req_equals( - grpc_gcp_start_server_handshake_req* l_req, - grpc_gcp_start_server_handshake_req* r_req); - -/* This method checks equality of two ALTS handshaker requests. */ -bool grpc_gcp_handshaker_req_equals(grpc_gcp_handshaker_req* l_req, - grpc_gcp_handshaker_req* r_req); - -/* This method checks equality of two handshaker response results. */ -bool grpc_gcp_handshaker_resp_result_equals( - grpc_gcp_handshaker_result* l_result, grpc_gcp_handshaker_result* r_result); - -/* This method checks equality of two ALTS handshaker responses. */ -bool grpc_gcp_handshaker_resp_equals(grpc_gcp_handshaker_resp* l_resp, - grpc_gcp_handshaker_resp* r_resp); - -#endif // GRPC_TEST_CORE_TSI_ALTS_HANDSHAKER_ALTS_HANDSHAKER_SERVICE_API_TEST_LIB_H diff --git a/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc b/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc deleted file mode 100644 index 95724f84f4..0000000000 --- a/test/core/tsi/alts/handshaker/alts_tsi_handshaker_test.cc +++ /dev/null @@ -1,682 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include - -#include -#include - -#include "src/core/lib/gprpp/thd.h" -#include "src/core/tsi/alts/handshaker/alts_handshaker_client.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_event.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h" -#include "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h" -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -#define ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES "Hello World" -#define ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME "Hello Google" -#define ALTS_TSI_HANDSHAKER_TEST_CONSUMED_BYTES "Hello " -#define ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES "Google" -#define ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY "chapi@service.google.com" -#define ALTS_TSI_HANDSHAKER_TEST_KEY_DATA \ - "ABCDEFGHIJKLMNOPABCDEFGHIJKLMNOPABCDEFGHIJKL" -#define ALTS_TSI_HANDSHAKER_TEST_BUFFER_SIZE 100 -#define ALTS_TSI_HANDSHAKER_TEST_SLEEP_TIME_IN_SECONDS 2 -#define ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR 3 -#define ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR 2 -#define ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR 2 -#define ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR 1 - -using grpc_core::internal:: - alts_tsi_handshaker_get_has_sent_start_message_for_testing; -using grpc_core::internal::alts_tsi_handshaker_get_is_client_for_testing; -using grpc_core::internal::alts_tsi_handshaker_get_recv_bytes_for_testing; -using grpc_core::internal::alts_tsi_handshaker_set_client_for_testing; -using grpc_core::internal::alts_tsi_handshaker_set_recv_bytes_for_testing; - -/* ALTS mock notification. */ -typedef struct notification { - gpr_cv cv; - gpr_mu mu; - bool notified; -} notification; - -/* ALTS mock handshaker client. */ -typedef struct alts_mock_handshaker_client { - alts_handshaker_client base; - bool used_for_success_test; -} alts_mock_handshaker_client; - -/* Type of ALTS handshaker response. */ -typedef enum { - INVALID, - FAILED, - CLIENT_START, - SERVER_START, - CLIENT_NEXT, - SERVER_NEXT, -} alts_handshaker_response_type; - -static alts_tsi_event* client_start_event; -static alts_tsi_event* client_next_event; -static alts_tsi_event* server_start_event; -static alts_tsi_event* server_next_event; -static notification caller_to_tsi_notification; -static notification tsi_to_caller_notification; - -static void notification_init(notification* n) { - gpr_mu_init(&n->mu); - gpr_cv_init(&n->cv); - n->notified = false; -} - -static void notification_destroy(notification* n) { - gpr_mu_destroy(&n->mu); - gpr_cv_destroy(&n->cv); -} - -static void signal(notification* n) { - gpr_mu_lock(&n->mu); - n->notified = true; - gpr_cv_signal(&n->cv); - gpr_mu_unlock(&n->mu); -} - -static void wait(notification* n) { - gpr_mu_lock(&n->mu); - while (!n->notified) { - gpr_cv_wait(&n->cv, &n->mu, gpr_inf_future(GPR_CLOCK_REALTIME)); - } - n->notified = false; - gpr_mu_unlock(&n->mu); -} - -/** - * This method mocks ALTS handshaker service to generate handshaker response - * for a specific request. - */ -static grpc_byte_buffer* generate_handshaker_response( - alts_handshaker_response_type type) { - grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create(); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_code(resp, 0)); - switch (type) { - case INVALID: - break; - case CLIENT_START: - case SERVER_START: - GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames( - resp, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME))); - break; - case CLIENT_NEXT: - GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames( - resp, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_service_account( - resp, ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed( - resp, strlen(ALTS_TSI_HANDSHAKER_TEST_CONSUMED_BYTES))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_key_data( - resp, ALTS_TSI_HANDSHAKER_TEST_KEY_DATA, - strlen(ALTS_TSI_HANDSHAKER_TEST_KEY_DATA))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions( - resp, ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR, - ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR, - ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR, - ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR)); - break; - case SERVER_NEXT: - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_identity_service_account( - resp, ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY)); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_bytes_consumed( - resp, strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_key_data( - resp, ALTS_TSI_HANDSHAKER_TEST_KEY_DATA, - strlen(ALTS_TSI_HANDSHAKER_TEST_KEY_DATA))); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_peer_rpc_versions( - resp, ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MAJOR, - ALTS_TSI_HANDSHAKER_TEST_MAX_RPC_VERSION_MINOR, - ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MAJOR, - ALTS_TSI_HANDSHAKER_TEST_MIN_RPC_VERSION_MINOR)); - break; - case FAILED: - GPR_ASSERT( - grpc_gcp_handshaker_resp_set_code(resp, 3 /* INVALID ARGUMENT */)); - break; - } - grpc_slice slice; - GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &slice)); - if (type == INVALID) { - grpc_slice bad_slice = - grpc_slice_split_head(&slice, GRPC_SLICE_LENGTH(slice) - 1); - grpc_slice_unref(slice); - slice = grpc_slice_ref(bad_slice); - grpc_slice_unref(bad_slice); - } - grpc_byte_buffer* buffer = - grpc_raw_byte_buffer_create(&slice, 1 /* number of slices */); - grpc_slice_unref(slice); - grpc_gcp_handshaker_resp_destroy(resp); - return buffer; -} - -static void check_must_not_be_called(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(0); -} - -static void on_client_start_success_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)); - GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - bytes_to_send_size) == 0); - GPR_ASSERT(result == nullptr); - /* Validate peer identity. */ - tsi_peer peer; - GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == - TSI_INVALID_ARGUMENT); - /* Validate frame protector. */ - tsi_frame_protector* protector = nullptr; - GPR_ASSERT(tsi_handshaker_result_create_frame_protector( - result, nullptr, &protector) == TSI_INVALID_ARGUMENT); - /* Validate unused bytes. */ - const unsigned char* unused_bytes = nullptr; - size_t unused_bytes_size = 0; - GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &unused_bytes, - &unused_bytes_size) == - TSI_INVALID_ARGUMENT); - signal(&tsi_to_caller_notification); -} - -static void on_server_start_success_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)); - GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - bytes_to_send_size) == 0); - GPR_ASSERT(result == nullptr); - /* Validate peer identity. */ - tsi_peer peer; - GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == - TSI_INVALID_ARGUMENT); - /* Validate frame protector. */ - tsi_frame_protector* protector = nullptr; - GPR_ASSERT(tsi_handshaker_result_create_frame_protector( - result, nullptr, &protector) == TSI_INVALID_ARGUMENT); - /* Validate unused bytes. */ - const unsigned char* unused_bytes = nullptr; - size_t unused_bytes_size = 0; - GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &unused_bytes, - &unused_bytes_size) == - TSI_INVALID_ARGUMENT); - signal(&tsi_to_caller_notification); -} - -static void on_client_next_success_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send_size == strlen(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME)); - GPR_ASSERT(memcmp(bytes_to_send, ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME, - bytes_to_send_size) == 0); - GPR_ASSERT(result != nullptr); - /* Validate peer identity. */ - tsi_peer peer; - GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == TSI_OK); - GPR_ASSERT(peer.property_count == kTsiAltsNumOfPeerProperties); - GPR_ASSERT(memcmp(TSI_ALTS_CERTIFICATE_TYPE, peer.properties[0].value.data, - peer.properties[0].value.length) == 0); - GPR_ASSERT(memcmp(ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY, - peer.properties[1].value.data, - peer.properties[1].value.length) == 0); - tsi_peer_destruct(&peer); - /* Validate unused bytes. */ - const unsigned char* bytes = nullptr; - size_t bytes_size = 0; - GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &bytes, - &bytes_size) == TSI_OK); - GPR_ASSERT(bytes_size == strlen(ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES)); - GPR_ASSERT(memcmp(bytes, ALTS_TSI_HANDSHAKER_TEST_REMAIN_BYTES, bytes_size) == - 0); - /* Validate frame protector. */ - tsi_frame_protector* protector = nullptr; - GPR_ASSERT(tsi_handshaker_result_create_frame_protector( - result, nullptr, &protector) == TSI_OK); - GPR_ASSERT(protector != nullptr); - tsi_frame_protector_destroy(protector); - tsi_handshaker_result_destroy(result); - signal(&tsi_to_caller_notification); -} - -static void on_server_next_success_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(result != nullptr); - /* Validate peer identity. */ - tsi_peer peer; - GPR_ASSERT(tsi_handshaker_result_extract_peer(result, &peer) == TSI_OK); - GPR_ASSERT(peer.property_count == kTsiAltsNumOfPeerProperties); - GPR_ASSERT(memcmp(TSI_ALTS_CERTIFICATE_TYPE, peer.properties[0].value.data, - peer.properties[0].value.length) == 0); - GPR_ASSERT(memcmp(ALTS_TSI_HANDSHAKER_TEST_PEER_IDENTITY, - peer.properties[1].value.data, - peer.properties[1].value.length) == 0); - tsi_peer_destruct(&peer); - /* Validate unused bytes. */ - const unsigned char* bytes = nullptr; - size_t bytes_size = 0; - GPR_ASSERT(tsi_handshaker_result_get_unused_bytes(result, &bytes, - &bytes_size) == TSI_OK); - GPR_ASSERT(bytes_size == 0); - GPR_ASSERT(bytes == nullptr); - /* Validate frame protector. */ - tsi_frame_protector* protector = nullptr; - GPR_ASSERT(tsi_handshaker_result_create_frame_protector( - result, nullptr, &protector) == TSI_OK); - GPR_ASSERT(protector != nullptr); - tsi_frame_protector_destroy(protector); - tsi_handshaker_result_destroy(result); - signal(&tsi_to_caller_notification); -} - -static tsi_result mock_client_start(alts_handshaker_client* self, - alts_tsi_event* event) { - alts_mock_handshaker_client* client = - reinterpret_cast(self); - if (!client->used_for_success_test) { - alts_tsi_event_destroy(event); - return TSI_INTERNAL_ERROR; - } - GPR_ASSERT(event->cb == on_client_start_success_cb); - GPR_ASSERT(event->user_data == nullptr); - GPR_ASSERT(!alts_tsi_handshaker_get_has_sent_start_message_for_testing( - event->handshaker)); - /* Populate handshaker response for client_start request. */ - event->recv_buffer = generate_handshaker_response(CLIENT_START); - client_start_event = event; - signal(&caller_to_tsi_notification); - return TSI_OK; -} - -static tsi_result mock_server_start(alts_handshaker_client* self, - alts_tsi_event* event, - grpc_slice* bytes_received) { - alts_mock_handshaker_client* client = - reinterpret_cast(self); - if (!client->used_for_success_test) { - alts_tsi_event_destroy(event); - return TSI_INTERNAL_ERROR; - } - GPR_ASSERT(event->cb == on_server_start_success_cb); - GPR_ASSERT(event->user_data == nullptr); - grpc_slice slice = grpc_empty_slice(); - GPR_ASSERT(grpc_slice_cmp(*bytes_received, slice) == 0); - GPR_ASSERT(!alts_tsi_handshaker_get_has_sent_start_message_for_testing( - event->handshaker)); - /* Populate handshaker response for server_start request. */ - event->recv_buffer = generate_handshaker_response(SERVER_START); - server_start_event = event; - grpc_slice_unref(slice); - signal(&caller_to_tsi_notification); - return TSI_OK; -} - -static tsi_result mock_next(alts_handshaker_client* self, alts_tsi_event* event, - grpc_slice* bytes_received) { - alts_mock_handshaker_client* client = - reinterpret_cast(self); - if (!client->used_for_success_test) { - alts_tsi_event_destroy(event); - return TSI_INTERNAL_ERROR; - } - bool is_client = - alts_tsi_handshaker_get_is_client_for_testing(event->handshaker); - if (is_client) { - GPR_ASSERT(event->cb == on_client_next_success_cb); - } else { - GPR_ASSERT(event->cb == on_server_next_success_cb); - } - GPR_ASSERT(event->user_data == nullptr); - GPR_ASSERT(bytes_received != nullptr); - GPR_ASSERT(memcmp(GRPC_SLICE_START_PTR(*bytes_received), - ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - GRPC_SLICE_LENGTH(*bytes_received)) == 0); - GPR_ASSERT(grpc_slice_cmp(alts_tsi_handshaker_get_recv_bytes_for_testing( - event->handshaker), - *bytes_received) == 0); - GPR_ASSERT(alts_tsi_handshaker_get_has_sent_start_message_for_testing( - event->handshaker)); - /* Populate handshaker response for next request. */ - grpc_slice out_frame = - grpc_slice_from_static_string(ALTS_TSI_HANDSHAKER_TEST_OUT_FRAME); - if (is_client) { - event->recv_buffer = generate_handshaker_response(CLIENT_NEXT); - } else { - event->recv_buffer = generate_handshaker_response(SERVER_NEXT); - } - alts_tsi_handshaker_set_recv_bytes_for_testing(event->handshaker, &out_frame); - if (is_client) { - client_next_event = event; - } else { - server_next_event = event; - } - signal(&caller_to_tsi_notification); - grpc_slice_unref(out_frame); - return TSI_OK; -} - -static void mock_destruct(alts_handshaker_client* client) {} - -static const alts_handshaker_client_vtable vtable = { - mock_client_start, mock_server_start, mock_next, mock_destruct}; - -static alts_handshaker_client* alts_mock_handshaker_client_create( - bool used_for_success_test) { - alts_mock_handshaker_client* client = - static_cast(gpr_zalloc(sizeof(*client))); - client->base.vtable = &vtable; - client->used_for_success_test = used_for_success_test; - return &client->base; -} - -static tsi_handshaker* create_test_handshaker(bool used_for_success_test, - bool is_client) { - tsi_handshaker* handshaker = nullptr; - alts_handshaker_client* client = - alts_mock_handshaker_client_create(used_for_success_test); - grpc_alts_credentials_options* options = - grpc_alts_credentials_client_options_create(); - alts_tsi_handshaker_create(options, "target_name", "lame", is_client, - &handshaker); - alts_tsi_handshaker* alts_handshaker = - reinterpret_cast(handshaker); - alts_tsi_handshaker_set_client_for_testing(alts_handshaker, client); - grpc_alts_credentials_options_destroy(options); - return handshaker; -} - -static void check_handshaker_next_invalid_input() { - /* Initialization. */ - tsi_handshaker* handshaker = create_test_handshaker(true, true); - /* Check nullptr handshaker. */ - GPR_ASSERT(tsi_handshaker_next(nullptr, nullptr, 0, nullptr, nullptr, nullptr, - check_must_not_be_called, - nullptr) == TSI_INVALID_ARGUMENT); - /* Check nullptr callback. */ - GPR_ASSERT(tsi_handshaker_next(handshaker, nullptr, 0, nullptr, nullptr, - nullptr, nullptr, - nullptr) == TSI_INVALID_ARGUMENT); - /* Cleanup. */ - tsi_handshaker_destroy(handshaker); -} - -static void check_handshaker_next_success() { - /** - * Create handshakers for which internal mock client is going to do - * correctness check. - */ - tsi_handshaker* client_handshaker = create_test_handshaker( - true /* used_for_success_test */, true /* is_client */); - tsi_handshaker* server_handshaker = create_test_handshaker( - true /* used_for_success_test */, false /* is_client */); - /* Client start. */ - GPR_ASSERT(tsi_handshaker_next(client_handshaker, nullptr, 0, nullptr, - nullptr, nullptr, on_client_start_success_cb, - nullptr) == TSI_ASYNC); - wait(&tsi_to_caller_notification); - /* Client next. */ - GPR_ASSERT(tsi_handshaker_next( - client_handshaker, - (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr, - nullptr, on_client_next_success_cb, nullptr) == TSI_ASYNC); - wait(&tsi_to_caller_notification); - /* Server start. */ - GPR_ASSERT(tsi_handshaker_next(server_handshaker, nullptr, 0, nullptr, - nullptr, nullptr, on_server_start_success_cb, - nullptr) == TSI_ASYNC); - wait(&tsi_to_caller_notification); - /* Server next. */ - GPR_ASSERT(tsi_handshaker_next( - server_handshaker, - (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr, - nullptr, on_server_next_success_cb, nullptr) == TSI_ASYNC); - wait(&tsi_to_caller_notification); - /* Cleanup. */ - tsi_handshaker_destroy(server_handshaker); - tsi_handshaker_destroy(client_handshaker); -} - -static void check_handshaker_next_failure() { - /** - * Create handshakers for which internal mock client is always going to fail. - */ - tsi_handshaker* client_handshaker = create_test_handshaker( - false /* used_for_success_test */, true /* is_client */); - tsi_handshaker* server_handshaker = create_test_handshaker( - false /* used_for_success_test */, false /* is_client */); - /* Client start. */ - GPR_ASSERT(tsi_handshaker_next(client_handshaker, nullptr, 0, nullptr, - nullptr, nullptr, check_must_not_be_called, - nullptr) == TSI_INTERNAL_ERROR); - /* Server start. */ - GPR_ASSERT(tsi_handshaker_next(server_handshaker, nullptr, 0, nullptr, - nullptr, nullptr, check_must_not_be_called, - nullptr) == TSI_INTERNAL_ERROR); - /* Server next. */ - GPR_ASSERT(tsi_handshaker_next( - server_handshaker, - (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr, - nullptr, check_must_not_be_called, - nullptr) == TSI_INTERNAL_ERROR); - /* Client next. */ - GPR_ASSERT(tsi_handshaker_next( - client_handshaker, - (const unsigned char*)ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES, - strlen(ALTS_TSI_HANDSHAKER_TEST_RECV_BYTES), nullptr, nullptr, - nullptr, check_must_not_be_called, - nullptr) == TSI_INTERNAL_ERROR); - /* Cleanup. */ - tsi_handshaker_destroy(server_handshaker); - tsi_handshaker_destroy(client_handshaker); -} - -static void on_invalid_input_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_INTERNAL_ERROR); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(result == nullptr); -} - -static void on_failed_grpc_call_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_INTERNAL_ERROR); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(result == nullptr); -} - -static void check_handle_response_invalid_input() { - /** - * Create a handshaker at the client side, for which internal mock client is - * always going to fail. - */ - tsi_handshaker* handshaker = create_test_handshaker( - false /* used_for_success_test */, true /* is_client */); - alts_tsi_handshaker* alts_handshaker = - reinterpret_cast(handshaker); - grpc_byte_buffer recv_buffer; - /* Check nullptr handshaker. */ - alts_tsi_handshaker_handle_response(nullptr, &recv_buffer, GRPC_STATUS_OK, - nullptr, on_invalid_input_cb, nullptr, - true); - /* Check nullptr recv_bytes. */ - alts_tsi_handshaker_handle_response(alts_handshaker, nullptr, GRPC_STATUS_OK, - nullptr, on_invalid_input_cb, nullptr, - true); - /* Check failed grpc call made to handshaker service. */ - alts_tsi_handshaker_handle_response(alts_handshaker, &recv_buffer, - GRPC_STATUS_UNKNOWN, nullptr, - on_failed_grpc_call_cb, nullptr, true); - - alts_tsi_handshaker_handle_response(alts_handshaker, &recv_buffer, - GRPC_STATUS_OK, nullptr, - on_failed_grpc_call_cb, nullptr, false); - - /* Cleanup. */ - tsi_handshaker_destroy(handshaker); -} - -static void on_invalid_resp_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_DATA_CORRUPTED); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(result == nullptr); -} - -static void check_handle_response_invalid_resp() { - /** - * Create a handshaker at the client side, for which internal mock client is - * always going to fail. - */ - tsi_handshaker* handshaker = create_test_handshaker( - false /* used_for_success_test */, true /* is_client */); - alts_tsi_handshaker* alts_handshaker = - reinterpret_cast(handshaker); - /* Tests. */ - grpc_byte_buffer* recv_buffer = generate_handshaker_response(INVALID); - alts_tsi_handshaker_handle_response(alts_handshaker, recv_buffer, - GRPC_STATUS_OK, nullptr, - on_invalid_resp_cb, nullptr, true); - /* Cleanup. */ - grpc_byte_buffer_destroy(recv_buffer); - tsi_handshaker_destroy(handshaker); -} - -static void check_handle_response_success(void* unused) { - /* Client start. */ - wait(&caller_to_tsi_notification); - alts_tsi_event_dispatch_to_handshaker(client_start_event, true /* is_ok */); - alts_tsi_event_destroy(client_start_event); - /* Client next. */ - wait(&caller_to_tsi_notification); - alts_tsi_event_dispatch_to_handshaker(client_next_event, true /* is_ok */); - alts_tsi_event_destroy(client_next_event); - /* Server start. */ - wait(&caller_to_tsi_notification); - alts_tsi_event_dispatch_to_handshaker(server_start_event, true /* is_ok */); - alts_tsi_event_destroy(server_start_event); - /* Server next. */ - wait(&caller_to_tsi_notification); - alts_tsi_event_dispatch_to_handshaker(server_next_event, true /* is_ok */); - alts_tsi_event_destroy(server_next_event); -} - -static void on_failed_resp_cb(tsi_result status, void* user_data, - const unsigned char* bytes_to_send, - size_t bytes_to_send_size, - tsi_handshaker_result* result) { - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - GPR_ASSERT(user_data == nullptr); - GPR_ASSERT(bytes_to_send == nullptr); - GPR_ASSERT(bytes_to_send_size == 0); - GPR_ASSERT(result == nullptr); -} - -static void check_handle_response_failure() { - /** - * Create a handshaker at the client side, for which internal mock client is - * always going to fail. - */ - tsi_handshaker* handshaker = create_test_handshaker( - false /* used_for_success_test */, true /* is_client */); - alts_tsi_handshaker* alts_handshaker = - reinterpret_cast(handshaker); - /* Tests. */ - grpc_byte_buffer* recv_buffer = generate_handshaker_response(FAILED); - alts_tsi_handshaker_handle_response(alts_handshaker, recv_buffer, - GRPC_STATUS_OK, nullptr, - on_failed_resp_cb, nullptr, true); - grpc_byte_buffer_destroy(recv_buffer); - /* Cleanup. */ - tsi_handshaker_destroy(handshaker); -} - -void check_handshaker_success() { - /* Initialization. */ - notification_init(&caller_to_tsi_notification); - notification_init(&tsi_to_caller_notification); - client_start_event = nullptr; - client_next_event = nullptr; - server_start_event = nullptr; - server_next_event = nullptr; - /* Tests. */ - grpc_core::Thread thd("alts_tsi_handshaker_test", - &check_handle_response_success, nullptr); - thd.Start(); - check_handshaker_next_success(); - thd.Join(); - /* Cleanup. */ - notification_destroy(&caller_to_tsi_notification); - notification_destroy(&tsi_to_caller_notification); -} - -int main(int argc, char** argv) { - /* Initialization. */ - grpc_init(); - /* Tests. */ - check_handshaker_success(); - check_handshaker_next_invalid_input(); - check_handshaker_next_failure(); - check_handle_response_invalid_input(); - check_handle_response_invalid_resp(); - check_handle_response_failure(); - /* Cleanup. */ - grpc_shutdown(); - return 0; -} diff --git a/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc b/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc deleted file mode 100644 index 98c5d23641..0000000000 --- a/test/core/tsi/alts/handshaker/alts_tsi_utils_test.cc +++ /dev/null @@ -1,73 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "src/core/tsi/alts/handshaker/alts_tsi_utils.h" -#include "test/core/tsi/alts/handshaker/alts_handshaker_service_api_test_lib.h" - -#define ALTS_TSI_UTILS_TEST_OUT_FRAME "Hello Google" - -static void convert_to_tsi_result_test() { - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_OK) == TSI_OK); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_UNKNOWN) == - TSI_UNKNOWN_ERROR); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result( - GRPC_STATUS_INVALID_ARGUMENT) == TSI_INVALID_ARGUMENT); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_OUT_OF_RANGE) == - TSI_UNKNOWN_ERROR); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_INTERNAL) == - TSI_INTERNAL_ERROR); - GPR_ASSERT(alts_tsi_utils_convert_to_tsi_result(GRPC_STATUS_NOT_FOUND) == - TSI_NOT_FOUND); -} - -static void deserialize_response_test() { - grpc_gcp_handshaker_resp* resp = grpc_gcp_handshaker_resp_create(); - GPR_ASSERT(grpc_gcp_handshaker_resp_set_out_frames( - resp, ALTS_TSI_UTILS_TEST_OUT_FRAME, - strlen(ALTS_TSI_UTILS_TEST_OUT_FRAME))); - grpc_slice slice; - GPR_ASSERT(grpc_gcp_handshaker_resp_encode(resp, &slice)); - - /* Valid serialization. */ - grpc_byte_buffer* buffer = - grpc_raw_byte_buffer_create(&slice, 1 /* number of slices */); - grpc_gcp_handshaker_resp* decoded_resp = - alts_tsi_utils_deserialize_response(buffer); - GPR_ASSERT(grpc_gcp_handshaker_resp_equals(resp, decoded_resp)); - grpc_byte_buffer_destroy(buffer); - - /* Invalid serializaiton. */ - grpc_slice bad_slice = - grpc_slice_split_head(&slice, GRPC_SLICE_LENGTH(slice) - 1); - buffer = grpc_raw_byte_buffer_create(&bad_slice, 1 /* number of slices */); - GPR_ASSERT(alts_tsi_utils_deserialize_response(buffer) == nullptr); - - /* Clean up. */ - grpc_slice_unref(slice); - grpc_slice_unref(bad_slice); - grpc_byte_buffer_destroy(buffer); - grpc_gcp_handshaker_resp_destroy(resp); - grpc_gcp_handshaker_resp_destroy(decoded_resp); -} - -int main(int argc, char** argv) { - /* Tests. */ - deserialize_response_test(); - convert_to_tsi_result_test(); - return 0; -} diff --git a/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc b/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc deleted file mode 100644 index 6ff1357c27..0000000000 --- a/test/core/tsi/alts/handshaker/transport_security_common_api_test.cc +++ /dev/null @@ -1,196 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include -#include - -#include "src/core/tsi/alts/handshaker/transport_security_common_api.h" - -const size_t kMaxRpcVersionMajor = 3; -const size_t kMaxRpcVersionMinor = 2; -const size_t kMinRpcVersionMajor = 2; -const size_t kMinRpcVersionMinor = 1; - -static bool grpc_gcp_rpc_protocol_versions_equal( - grpc_gcp_rpc_protocol_versions* l_versions, - grpc_gcp_rpc_protocol_versions* r_versions) { - GPR_ASSERT(l_versions != nullptr && r_versions != nullptr); - if ((l_versions->has_max_rpc_version ^ r_versions->has_max_rpc_version) | - (l_versions->has_min_rpc_version ^ r_versions->has_min_rpc_version)) { - return false; - } - if (l_versions->has_max_rpc_version) { - if ((l_versions->max_rpc_version.major != - r_versions->max_rpc_version.major) || - (l_versions->max_rpc_version.minor != - r_versions->max_rpc_version.minor)) { - return false; - } - } - if (l_versions->has_min_rpc_version) { - if ((l_versions->min_rpc_version.major != - r_versions->min_rpc_version.major) || - (l_versions->min_rpc_version.minor != - r_versions->min_rpc_version.minor)) { - return false; - } - } - return true; -} - -static void test_success() { - grpc_gcp_rpc_protocol_versions version; - grpc_gcp_rpc_protocol_versions decoded_version; - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max( - &version, kMaxRpcVersionMajor, kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min( - &version, kMinRpcVersionMajor, kMinRpcVersionMinor)); - /* Serializes to raw bytes. */ - size_t encoded_length = - grpc_gcp_rpc_protocol_versions_encode_length(&version); - uint8_t* encoded_bytes = static_cast(gpr_malloc(encoded_length)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - &version, encoded_bytes, encoded_length)); - grpc_slice encoded_slice; - /* Serializes to grpc slice. */ - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&version, &encoded_slice)); - /* Checks serialized raw bytes and serialized grpc slice have same content. */ - GPR_ASSERT(encoded_length == GRPC_SLICE_LENGTH(encoded_slice)); - GPR_ASSERT(memcmp(encoded_bytes, GRPC_SLICE_START_PTR(encoded_slice), - encoded_length) == 0); - /* Deserializes and compares with the original version. */ - GPR_ASSERT( - grpc_gcp_rpc_protocol_versions_decode(encoded_slice, &decoded_version)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_equal(&version, &decoded_version)); - grpc_slice_unref(encoded_slice); - gpr_free(encoded_bytes); -} - -static void test_failure() { - grpc_gcp_rpc_protocol_versions version, decoded_version; - grpc_slice encoded_slice; - /* Test for invalid arguments. */ - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_set_max( - nullptr, kMaxRpcVersionMajor, kMaxRpcVersionMinor)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_set_min( - nullptr, kMinRpcVersionMajor, kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode_length(nullptr) == 0); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max( - &version, kMaxRpcVersionMajor, kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min( - &version, kMinRpcVersionMajor, kMinRpcVersionMinor)); - size_t encoded_length = - grpc_gcp_rpc_protocol_versions_encode_length(&version); - uint8_t* encoded_bytes = static_cast(gpr_malloc(encoded_length)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - nullptr, encoded_bytes, encoded_length)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - &version, nullptr, encoded_length)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode_to_raw_bytes( - &version, encoded_bytes, 0)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode(nullptr, &encoded_slice)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_encode(&version, nullptr)); - GPR_ASSERT(!grpc_gcp_rpc_protocol_versions_decode(encoded_slice, nullptr)); - /* Test for nanopb decode. */ - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_encode(&version, &encoded_slice)); - grpc_slice bad_slice = grpc_slice_split_head( - &encoded_slice, GRPC_SLICE_LENGTH(encoded_slice) - 1); - grpc_slice_unref(encoded_slice); - GPR_ASSERT( - !grpc_gcp_rpc_protocol_versions_decode(bad_slice, &decoded_version)); - grpc_slice_unref(bad_slice); - gpr_free(encoded_bytes); -} - -static void test_copy() { - grpc_gcp_rpc_protocol_versions src; - grpc_gcp_rpc_protocol_versions des; - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&src, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&src, kMinRpcVersionMajor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_copy(&src, &des)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_equal(&src, &des)); -} - -static void test_check_success() { - grpc_gcp_rpc_protocol_versions v1; - grpc_gcp_rpc_protocol_versions v2; - grpc_gcp_rpc_protocol_versions_version highest_common_version; - /* test equality. */ - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check( - (const grpc_gcp_rpc_protocol_versions*)&v1, - (const grpc_gcp_rpc_protocol_versions*)&v2, - &highest_common_version) == 1); - GPR_ASSERT(grpc_core::internal::grpc_gcp_rpc_protocol_version_compare( - &highest_common_version, &v1.max_rpc_version) == 0); - - /* test inequality. */ - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMinRpcVersionMinor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMinRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check( - (const grpc_gcp_rpc_protocol_versions*)&v1, - (const grpc_gcp_rpc_protocol_versions*)&v2, - &highest_common_version) == 1); - GPR_ASSERT(grpc_core::internal::grpc_gcp_rpc_protocol_version_compare( - &highest_common_version, &v2.max_rpc_version) == 0); -} - -static void test_check_failure() { - grpc_gcp_rpc_protocol_versions v1; - grpc_gcp_rpc_protocol_versions v2; - grpc_gcp_rpc_protocol_versions_version highest_common_version; - - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v1, kMinRpcVersionMajor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v1, kMinRpcVersionMajor, - kMinRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(&v2, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_min(&v2, kMaxRpcVersionMajor, - kMaxRpcVersionMinor)); - GPR_ASSERT(grpc_gcp_rpc_protocol_versions_check( - (const grpc_gcp_rpc_protocol_versions*)&v1, - (const grpc_gcp_rpc_protocol_versions*)&v2, - &highest_common_version) == 0); -} - -int main(int argc, char** argv) { - /* Run tests. */ - test_success(); - test_failure(); - test_copy(); - test_check_success(); - test_check_failure(); - return 0; -} diff --git a/test/core/tsi/alts/zero_copy_frame_protector/BUILD b/test/core/tsi/alts/zero_copy_frame_protector/BUILD deleted file mode 100644 index 80f4572d94..0000000000 --- a/test/core/tsi/alts/zero_copy_frame_protector/BUILD +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2018 gRPC authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -load("//bazel:grpc_build_system.bzl", "grpc_cc_test", "grpc_package") - -licenses(["notice"]) # Apache v2 - -grpc_package(name = "zero_copy_frame_protector") - -grpc_cc_test( - name = "alts_grpc_record_protocol_test", - srcs = ["alts_grpc_record_protocol_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) - -grpc_cc_test( - name = "alts_iovec_record_protocol_test", - srcs = ["alts_iovec_record_protocol_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) - -grpc_cc_test( - name = "alts_zero_copy_grpc_protector_test", - srcs = ["alts_zero_copy_grpc_protector_test.cc"], - language = "C++", - deps = [ - "//:grpc", - "//test/core/tsi/alts/crypt:alts_crypt_test_util", - ], -) diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc deleted file mode 100644 index fbbea71cb7..0000000000 --- a/test/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_test.cc +++ /dev/null @@ -1,449 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include - -#include "src/core/lib/slice/slice_internal.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -constexpr size_t kMaxSliceLength = 256; -constexpr size_t kMaxSlices = 10; -constexpr size_t kSealRepeatTimes = 5; -constexpr size_t kTagLength = 16; - -/* Test fixtures for each test cases. */ -struct alts_grpc_record_protocol_test_fixture { - alts_grpc_record_protocol* client_protect; - alts_grpc_record_protocol* client_unprotect; - alts_grpc_record_protocol* server_protect; - alts_grpc_record_protocol* server_unprotect; -}; - -/* Test input variables for protect/unprotect operations. */ -struct alts_grpc_record_protocol_test_var { - size_t header_length; - size_t tag_length; - grpc_slice_buffer original_sb; - grpc_slice_buffer duplicate_sb; - grpc_slice_buffer protected_sb; - grpc_slice_buffer unprotected_sb; -}; - -/* --- Test utility functions. --- */ - -static void create_random_slice_buffer(grpc_slice_buffer* sb) { - GPR_ASSERT(sb != nullptr); - size_t slice_count = gsec_test_bias_random_uint32(kMaxSlices) + 1; - for (size_t i = 0; i < slice_count; i++) { - size_t slice_length = gsec_test_bias_random_uint32(kMaxSliceLength) + 1; - grpc_slice slice = GRPC_SLICE_MALLOC(slice_length); - gsec_test_random_bytes(GRPC_SLICE_START_PTR(slice), slice_length); - grpc_slice_buffer_add(sb, slice); - } -} - -static uint8_t* pointer_to_nth_byte(grpc_slice_buffer* sb, size_t index) { - GPR_ASSERT(sb != nullptr); - GPR_ASSERT(index < sb->length); - for (size_t i = 0; i < sb->count; i++) { - if (index < GRPC_SLICE_LENGTH(sb->slices[i])) { - return GRPC_SLICE_START_PTR(sb->slices[i]) + index; - } else { - index -= GRPC_SLICE_LENGTH(sb->slices[i]); - } - } - return nullptr; -} - -/* Checks if two slice buffer contents are the same. It is not super efficient, - * but OK for testing. */ -static bool are_slice_buffers_equal(grpc_slice_buffer* first, - grpc_slice_buffer* second) { - GPR_ASSERT(first != nullptr); - GPR_ASSERT(second != nullptr); - if (first->length != second->length) { - return false; - } - for (size_t i = 0; i < first->length; i++) { - uint8_t* first_ptr = pointer_to_nth_byte(first, i); - uint8_t* second_ptr = pointer_to_nth_byte(second, i); - GPR_ASSERT(first_ptr != nullptr); - GPR_ASSERT(second_ptr != nullptr); - if ((*first_ptr) != (*second_ptr)) { - return false; - } - } - return true; -} - -static void alter_random_byte(grpc_slice_buffer* sb) { - GPR_ASSERT(sb != nullptr); - if (sb->length == 0) { - return; - } - uint32_t offset = - gsec_test_bias_random_uint32(static_cast(sb->length)); - uint8_t* ptr = pointer_to_nth_byte(sb, offset); - (*ptr)++; -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_integrity_only_create(bool rekey) { - alts_grpc_record_protocol_test_fixture* fixture = - static_cast( - gpr_zalloc(sizeof(alts_grpc_record_protocol_test_fixture))); - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aead_crypter* crypter = nullptr; - - /* Create client record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create( - crypter, 8, /*is_client=*/true, /*is_protect=*/true, - &fixture->client_protect) == TSI_OK); - /* Create client record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create( - crypter, 8, /*is_client=*/true, /*is_protect=*/false, - &fixture->client_unprotect) == TSI_OK); - /* Create server record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create( - crypter, 8, /*is_client=*/false, /*is_protect=*/true, - &fixture->server_protect) == TSI_OK); - /* Create server record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_integrity_only_record_protocol_create( - crypter, 8, /*is_client=*/false, /*is_protect=*/false, - &fixture->server_unprotect) == TSI_OK); - - gpr_free(key); - return fixture; -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_integrity_only_no_rekey_create() { - return test_fixture_integrity_only_create(false); -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_integrity_only_rekey_create() { - return test_fixture_integrity_only_create(true); -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_privacy_integrity_create(bool rekey) { - alts_grpc_record_protocol_test_fixture* fixture = - static_cast( - gpr_zalloc(sizeof(alts_grpc_record_protocol_test_fixture))); - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aead_crypter* crypter = nullptr; - - /* Create client record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create( - crypter, 8, /*is_client=*/true, /*is_protect=*/true, - &fixture->client_protect) == TSI_OK); - /* Create client record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create( - crypter, 8, /*is_client=*/true, /*is_protect=*/false, - &fixture->client_unprotect) == TSI_OK); - /* Create server record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create( - crypter, 8, /*is_client=*/false, /*is_protect=*/true, - &fixture->server_protect) == TSI_OK); - /* Create server record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_grpc_privacy_integrity_record_protocol_create( - crypter, 8, /*is_client=*/false, /*is_protect=*/false, - &fixture->server_unprotect) == TSI_OK); - - gpr_free(key); - return fixture; -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_privacy_integrity_no_rekey_create() { - return test_fixture_privacy_integrity_create(false); -} - -static alts_grpc_record_protocol_test_fixture* -test_fixture_privacy_integrity_rekey_create() { - return test_fixture_privacy_integrity_create(true); -} - -static void alts_grpc_record_protocol_test_fixture_destroy( - alts_grpc_record_protocol_test_fixture* fixture) { - if (fixture == nullptr) { - return; - } - grpc_core::ExecCtx exec_ctx; - alts_grpc_record_protocol_destroy(fixture->client_protect); - alts_grpc_record_protocol_destroy(fixture->client_unprotect); - alts_grpc_record_protocol_destroy(fixture->server_protect); - alts_grpc_record_protocol_destroy(fixture->server_unprotect); - grpc_core::ExecCtx::Get()->Flush(); - gpr_free(fixture); -} - -static alts_grpc_record_protocol_test_var* -alts_grpc_record_protocol_test_var_create() { - alts_grpc_record_protocol_test_var* var = - static_cast( - gpr_zalloc(sizeof(alts_grpc_record_protocol_test_var))); - var->header_length = alts_iovec_record_protocol_get_header_length(); - var->tag_length = kTagLength; - /* Initialized slice buffers. */ - grpc_slice_buffer_init(&var->original_sb); - grpc_slice_buffer_init(&var->duplicate_sb); - grpc_slice_buffer_init(&var->protected_sb); - grpc_slice_buffer_init(&var->unprotected_sb); - /* Randomly sets content of original_sb, and copies into duplicate_sb. */ - create_random_slice_buffer(&var->original_sb); - for (size_t i = 0; i < var->original_sb.count; i++) { - grpc_slice_buffer_add(&var->duplicate_sb, - grpc_slice_ref(var->original_sb.slices[i])); - } - return var; -} - -static void alts_grpc_record_protocol_test_var_destroy( - alts_grpc_record_protocol_test_var* var) { - if (var == nullptr) { - return; - } - grpc_slice_buffer_destroy_internal(&var->original_sb); - grpc_slice_buffer_destroy_internal(&var->duplicate_sb); - grpc_slice_buffer_destroy_internal(&var->protected_sb); - grpc_slice_buffer_destroy_internal(&var->unprotected_sb); - gpr_free(var); -} - -/* --- alts grpc record protocol tests. --- */ - -static void random_seal_unseal(alts_grpc_record_protocol* sender, - alts_grpc_record_protocol* receiver) { - grpc_core::ExecCtx exec_ctx; - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Seals and then unseals. */ - size_t data_length = var->original_sb.length; - tsi_result status = alts_grpc_record_protocol_protect( - sender, &var->original_sb, &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(var->protected_sb.length == - data_length + var->header_length + var->tag_length); - status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb, - &var->unprotected_sb); - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT( - are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb)); - alts_grpc_record_protocol_test_var_destroy(var); - } - grpc_core::ExecCtx::Get()->Flush(); -} - -static void empty_seal_unseal(alts_grpc_record_protocol* sender, - alts_grpc_record_protocol* receiver) { - grpc_core::ExecCtx exec_ctx; - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Seals and then unseals empty payload. */ - grpc_slice_buffer_reset_and_unref_internal(&var->original_sb); - grpc_slice_buffer_reset_and_unref_internal(&var->duplicate_sb); - tsi_result status = alts_grpc_record_protocol_protect( - sender, &var->original_sb, &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT(var->protected_sb.length == - var->header_length + var->tag_length); - status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb, - &var->unprotected_sb); - GPR_ASSERT(status == TSI_OK); - GPR_ASSERT( - are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb)); - alts_grpc_record_protocol_test_var_destroy(var); - } - grpc_core::ExecCtx::Get()->Flush(); -} - -static void unsync_seal_unseal(alts_grpc_record_protocol* sender, - alts_grpc_record_protocol* receiver) { - grpc_core::ExecCtx exec_ctx; - tsi_result status; - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Seals once. */ - status = alts_grpc_record_protocol_protect(sender, &var->original_sb, - &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - grpc_slice_buffer_reset_and_unref_internal(&var->protected_sb); - /* Seals again. */ - status = alts_grpc_record_protocol_protect(sender, &var->duplicate_sb, - &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - /* Unseals the second frame. */ - status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb, - &var->unprotected_sb); - GPR_ASSERT(status == TSI_INTERNAL_ERROR); - alts_grpc_record_protocol_test_var_destroy(var); - grpc_core::ExecCtx::Get()->Flush(); -} - -static void corrupted_data(alts_grpc_record_protocol* sender, - alts_grpc_record_protocol* receiver) { - grpc_core::ExecCtx exec_ctx; - tsi_result status; - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Seals once. */ - status = alts_grpc_record_protocol_protect(sender, &var->original_sb, - &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - /* Corrupts one byte in protected_sb and tries to unprotect. */ - alter_random_byte(&var->protected_sb); - status = alts_grpc_record_protocol_unprotect(receiver, &var->protected_sb, - &var->unprotected_sb); - GPR_ASSERT(status == TSI_INTERNAL_ERROR); - alts_grpc_record_protocol_test_var_destroy(var); - grpc_core::ExecCtx::Get()->Flush(); -} - -static void input_check(alts_grpc_record_protocol* rp) { - grpc_core::ExecCtx exec_ctx; - tsi_result status; - alts_grpc_record_protocol_test_var* var = - alts_grpc_record_protocol_test_var_create(); - /* Protects with nullptr input. */ - status = alts_grpc_record_protocol_protect(rp, nullptr, &var->protected_sb); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - status = alts_grpc_record_protocol_protect(rp, &var->original_sb, nullptr); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - /* Unprotects with nullptr input. */ - status = alts_grpc_record_protocol_protect(rp, &var->original_sb, - &var->protected_sb); - GPR_ASSERT(status == TSI_OK); - status = - alts_grpc_record_protocol_unprotect(rp, nullptr, &var->unprotected_sb); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - status = alts_grpc_record_protocol_unprotect(rp, &var->protected_sb, nullptr); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - /* Unprotects on a temporary slice buffer which length is smaller than header - * length plus tag length. */ - grpc_slice_buffer temp_sb; - grpc_slice_buffer_init(&temp_sb); - grpc_slice_buffer_move_first( - &var->protected_sb, var->header_length + var->tag_length - 1, &temp_sb); - status = - alts_grpc_record_protocol_unprotect(rp, &temp_sb, &var->unprotected_sb); - GPR_ASSERT(status == TSI_INVALID_ARGUMENT); - grpc_slice_buffer_destroy_internal(&temp_sb); - alts_grpc_record_protocol_test_var_destroy(var); - grpc_core::ExecCtx::Get()->Flush(); -} - -/* --- Test cases. --- */ - -static void alts_grpc_record_protocol_random_seal_unseal_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - random_seal_unseal(fixture->client_protect, fixture->server_unprotect); - random_seal_unseal(fixture->server_protect, fixture->client_unprotect); -} - -static void alts_grpc_record_protocol_empty_seal_unseal_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - empty_seal_unseal(fixture->client_protect, fixture->server_unprotect); - empty_seal_unseal(fixture->server_protect, fixture->client_unprotect); -} - -static void alts_grpc_record_protocol_unsync_seal_unseal_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - unsync_seal_unseal(fixture->client_protect, fixture->server_unprotect); - unsync_seal_unseal(fixture->server_protect, fixture->client_unprotect); -} - -static void alts_grpc_record_protocol_corrupted_data_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - corrupted_data(fixture->client_protect, fixture->server_unprotect); - corrupted_data(fixture->server_protect, fixture->client_unprotect); -} - -static void alts_grpc_record_protocol_input_check_tests( - alts_grpc_record_protocol_test_fixture* fixture) { - input_check(fixture->client_protect); -} - -static void alts_grpc_record_protocol_tests( - alts_grpc_record_protocol_test_fixture* (*fixture_create)()) { - auto* fixture_1 = fixture_create(); - alts_grpc_record_protocol_random_seal_unseal_tests(fixture_1); - alts_grpc_record_protocol_test_fixture_destroy(fixture_1); - - auto* fixture_2 = fixture_create(); - alts_grpc_record_protocol_empty_seal_unseal_tests(fixture_2); - alts_grpc_record_protocol_test_fixture_destroy(fixture_2); - - auto* fixture_3 = fixture_create(); - alts_grpc_record_protocol_unsync_seal_unseal_tests(fixture_3); - alts_grpc_record_protocol_test_fixture_destroy(fixture_3); - - auto* fixture_4 = fixture_create(); - alts_grpc_record_protocol_corrupted_data_tests(fixture_4); - alts_grpc_record_protocol_test_fixture_destroy(fixture_4); - - auto* fixture_5 = fixture_create(); - alts_grpc_record_protocol_input_check_tests(fixture_5); - alts_grpc_record_protocol_test_fixture_destroy(fixture_5); -} - -int main(int argc, char** argv) { - alts_grpc_record_protocol_tests(&test_fixture_integrity_only_no_rekey_create); - alts_grpc_record_protocol_tests(&test_fixture_integrity_only_rekey_create); - alts_grpc_record_protocol_tests( - &test_fixture_privacy_integrity_no_rekey_create); - alts_grpc_record_protocol_tests(&test_fixture_privacy_integrity_rekey_create); - - return 0; -} diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc deleted file mode 100644 index db1934bbae..0000000000 --- a/test/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol_test.cc +++ /dev/null @@ -1,928 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include - -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -constexpr size_t kMaxDataSize = 1024; -constexpr size_t kMaxSlices = 10; -constexpr size_t kSealRepeatTimes = 5; -constexpr size_t kTagLength = 16; - -/* Test fixtures for each test cases. */ -struct alts_iovec_record_protocol_test_fixture { - alts_iovec_record_protocol* client_protect; - alts_iovec_record_protocol* client_unprotect; - alts_iovec_record_protocol* server_protect; - alts_iovec_record_protocol* server_unprotect; -}; - -/* Test variables for protect/unprotect operations. */ -struct alts_iovec_record_protocol_test_var { - uint8_t* header_buf; - size_t header_length; - iovec_t header_iovec; - uint8_t* tag_buf; - size_t tag_length; - iovec_t tag_iovec; - uint8_t* data_buf; - uint8_t* dup_buf; - size_t data_length; - iovec_t* data_iovec; - size_t data_iovec_length; - uint8_t* protected_buf; - iovec_t protected_iovec; - iovec_t unprotected_iovec; -}; - -/* --- Test utility functions. --- */ - -static void randomly_slice(uint8_t* input, size_t input_length, - iovec_t** output, size_t* output_length) { - if (input_length == 0) { - *output = nullptr; - *output_length = 0; - return; - } - *output_length = gsec_test_bias_random_uint32(kMaxSlices) + 1; - *output = static_cast(gpr_malloc(*output_length * sizeof(iovec_t))); - for (size_t i = 0; i < *output_length - 1; i++) { - size_t slice_length = - gsec_test_bias_random_uint32(static_cast(input_length)); - iovec_t slice = {input, slice_length}; - (*output)[i] = slice; - input += slice_length; - input_length -= slice_length; - } - iovec_t slice = {input, input_length}; - (*output)[*output_length - 1] = slice; -} - -static size_t alter_random_byte(uint8_t* buf, size_t buf_length) { - GPR_ASSERT(buf != nullptr); - uint32_t offset = - gsec_test_bias_random_uint32(static_cast(buf_length)); - (*(buf + offset))++; - return offset; -} - -static void revert_back_alter(uint8_t* buf, size_t offset) { - GPR_ASSERT(buf != nullptr); - (*(buf + offset))--; -} - -static alts_iovec_record_protocol_test_fixture* -alts_iovec_record_protocol_test_fixture_create(bool rekey, - bool integrity_only) { - alts_iovec_record_protocol_test_fixture* fixture = - static_cast( - gpr_malloc(sizeof(alts_iovec_record_protocol_test_fixture))); - size_t overflow_size = 8; - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - gsec_test_random_array(&key, key_length); - gsec_aead_crypter* crypter = nullptr; - /* Create client record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_iovec_record_protocol_create( - crypter, overflow_size, /*is_client=*/true, integrity_only, - /*is_protect=*/true, &fixture->client_protect, - nullptr) == GRPC_STATUS_OK); - /* Create client record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_iovec_record_protocol_create( - crypter, overflow_size, /*is_client=*/true, integrity_only, - /*is_protect=*/false, &fixture->client_unprotect, - nullptr) == GRPC_STATUS_OK); - /* Create server record protocol for protect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_iovec_record_protocol_create( - crypter, overflow_size, /*is_client=*/false, integrity_only, - /*is_protect=*/true, &fixture->server_protect, - nullptr) == GRPC_STATUS_OK); - /* Create server record protocol for unprotect. */ - GPR_ASSERT(gsec_aes_gcm_aead_crypter_create( - key, key_length, kAesGcmNonceLength, kAesGcmTagLength, rekey, - &crypter, nullptr) == GRPC_STATUS_OK); - GPR_ASSERT(alts_iovec_record_protocol_create( - crypter, overflow_size, /*is_client=*/false, integrity_only, - /*is_protect=*/false, &fixture->server_unprotect, - nullptr) == GRPC_STATUS_OK); - - gpr_free(key); - return fixture; -} - -static void alts_iovec_record_protocol_test_fixture_destroy( - alts_iovec_record_protocol_test_fixture* fixture) { - if (fixture == nullptr) { - return; - } - alts_iovec_record_protocol_destroy(fixture->client_protect); - alts_iovec_record_protocol_destroy(fixture->client_unprotect); - alts_iovec_record_protocol_destroy(fixture->server_protect); - alts_iovec_record_protocol_destroy(fixture->server_unprotect); - gpr_free(fixture); -} - -static alts_iovec_record_protocol_test_var* -alts_iovec_record_protocol_test_var_create() { - auto* var = static_cast( - gpr_zalloc(sizeof(alts_iovec_record_protocol_test_var))); - /* Sets header buffer. */ - var->header_length = alts_iovec_record_protocol_get_header_length(); - var->header_buf = static_cast(gpr_malloc(var->header_length)); - var->header_iovec.iov_base = var->header_buf; - var->header_iovec.iov_len = var->header_length; - /* Sets tag buffer. */ - var->tag_length = kTagLength; - var->tag_buf = static_cast(gpr_malloc(var->tag_length)); - var->tag_iovec.iov_base = var->tag_buf; - var->tag_iovec.iov_len = var->tag_length; - /* Randomly sets data buffer and duplicates to dup_buf. */ - var->data_length = gsec_test_bias_random_uint32(kMaxDataSize) + 1; - var->data_buf = static_cast(gpr_malloc(var->data_length)); - gsec_test_random_bytes(var->data_buf, var->data_length); - gsec_test_copy(var->data_buf, &var->dup_buf, var->data_length); - var->data_iovec = nullptr; - var->data_iovec_length = 0; - randomly_slice(var->data_buf, var->data_length, &var->data_iovec, - &var->data_iovec_length); - /* Sets protected iovec. */ - size_t protected_buf_length = - var->header_length + var->data_length + var->tag_length; - var->protected_buf = static_cast(gpr_malloc(protected_buf_length)); - var->protected_iovec.iov_base = var->protected_buf; - var->protected_iovec.iov_len = protected_buf_length; - /* Unprotected iovec points to data_buf. */ - var->unprotected_iovec.iov_base = var->data_buf; - var->unprotected_iovec.iov_len = var->data_length; - return var; -} - -static void alts_iovec_record_protocol_test_var_destroy( - alts_iovec_record_protocol_test_var* var) { - if (var == nullptr) { - return; - } - gpr_free(var->header_buf); - gpr_free(var->tag_buf); - gpr_free(var->data_buf); - gpr_free(var->dup_buf); - gpr_free(var->data_iovec); - gpr_free(var->protected_buf); - gpr_free(var); -} - -/* --- Integrity-only protect/unprotect tests. --- */ - -static void integrity_only_random_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - /* Seals and then unseals. */ - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - sender, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - gpr_free(var->data_iovec); - /* Randomly slices data buffer again. */ - randomly_slice(var->data_buf, var->data_length, &var->data_iovec, - &var->data_iovec_length); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Makes sure data buffer has not been modified during - * seal/unseal. */ - GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0); - alts_iovec_record_protocol_test_var_destroy(var); - } -} - -static void integrity_only_empty_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - /* Seals and then unseals empty payload. */ - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - sender, nullptr, 0, var->header_iovec, var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, nullptr, 0, var->header_iovec, var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - alts_iovec_record_protocol_test_var_destroy(var); - } -} - -static void integrity_only_unsync_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - /* Seals once. */ - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - sender, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - alts_iovec_record_protocol_test_var_destroy(var); - /* Seals again. */ - var = alts_iovec_record_protocol_test_var_create(); - status = alts_iovec_record_protocol_integrity_only_protect( - sender, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Unseals the second frame. */ - char* error_message = nullptr; - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Frame tag verification failed.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void integrity_only_corrupted_data( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - /* Seals the data first. */ - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - sender, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Alter frame length field. */ - char* error_message = nullptr; - size_t offset = - alter_random_byte(var->header_buf, kZeroCopyFrameLengthFieldSize); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Bad frame length.")); - gpr_free(error_message); - revert_back_alter(var->header_buf, offset); - /* Alter message type field. */ - offset = alter_random_byte(var->header_buf + kZeroCopyFrameLengthFieldSize, - kZeroCopyFrameMessageTypeFieldSize); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Unsupported message type.")); - gpr_free(error_message); - revert_back_alter(var->header_buf + kZeroCopyFrameLengthFieldSize, offset); - /* Alter data. */ - offset = alter_random_byte(var->data_buf, var->data_length); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Frame tag verification failed.")); - gpr_free(error_message); - revert_back_alter(var->data_buf, offset); - /* Alter tag. */ - offset = alter_random_byte(var->tag_buf, var->tag_length); - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Frame tag verification failed.")); - gpr_free(error_message); - revert_back_alter(var->tag_buf, offset); - /* Reverted protected data should be verified correctly. */ - status = alts_iovec_record_protocol_integrity_only_unprotect( - receiver, var->data_iovec, var->data_iovec_length, var->header_iovec, - var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void integrity_only_protect_input_check(alts_iovec_record_protocol* rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - char* error_message = nullptr; - /* Header buffer is nullptr. */ - iovec_t header_iovec = {nullptr, var->header_length}; - grpc_status_code status = alts_iovec_record_protocol_integrity_only_protect( - rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header is nullptr.")); - gpr_free(error_message); - /* Header buffer length is 0. */ - header_iovec.iov_base = var->header_buf; - header_iovec.iov_len = 0; - status = alts_iovec_record_protocol_integrity_only_protect( - rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header length is incorrect.")); - gpr_free(error_message); - /* Tag buffer is nullptr. */ - iovec_t tag_iovec = {nullptr, var->tag_length}; - status = alts_iovec_record_protocol_integrity_only_protect( - rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "Tag is nullptr.")); - gpr_free(error_message); - /* Tag buffer length is 0. */ - tag_iovec.iov_base = var->tag_buf; - tag_iovec.iov_len = 0; - status = alts_iovec_record_protocol_integrity_only_protect( - rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Tag length is incorrect.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void integrity_only_unprotect_input_check( - alts_iovec_record_protocol* rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - char* error_message = nullptr; - /* Header buffer is nullptr. */ - iovec_t header_iovec = {nullptr, var->header_length}; - grpc_status_code status = alts_iovec_record_protocol_integrity_only_unprotect( - rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header is nullptr.")); - gpr_free(error_message); - /* Header buffer length is 0. */ - header_iovec.iov_base = var->header_buf; - header_iovec.iov_len = 0; - status = alts_iovec_record_protocol_integrity_only_unprotect( - rp, var->data_iovec, var->data_iovec_length, header_iovec, var->tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header length is incorrect.")); - gpr_free(error_message); - /* Tag buffer is nullptr. */ - iovec_t tag_iovec = {nullptr, var->tag_length}; - status = alts_iovec_record_protocol_integrity_only_unprotect( - rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, "Tag is nullptr.")); - gpr_free(error_message); - /* Tag buffer length is 0. */ - tag_iovec.iov_base = var->tag_buf; - tag_iovec.iov_len = 0; - status = alts_iovec_record_protocol_integrity_only_unprotect( - rp, var->data_iovec, var->data_iovec_length, var->header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Tag length is incorrect.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -/* --- Privacy-integrity protect/unprotect tests. --- */ - -static void privacy_integrity_random_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - /* Seals and then unseals. */ - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - sender, var->data_iovec, var->data_iovec_length, - var->protected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - iovec_t header_iovec = {var->protected_buf, var->header_length}; - gpr_free(var->data_iovec); - /* Randomly slices protected buffer, excluding the header. */ - randomly_slice(var->protected_buf + var->header_length, - var->data_length + var->tag_length, &var->data_iovec, - &var->data_iovec_length); - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, var->data_iovec, var->data_iovec_length, - var->unprotected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Makes sure unprotected data are the same as the original. */ - GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0); - alts_iovec_record_protocol_test_var_destroy(var); - } -} - -static void privacy_integrity_empty_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - size_t empty_payload_frame_size = var->header_length + var->tag_length; - auto* protected_buf = - static_cast(gpr_malloc(empty_payload_frame_size)); - for (size_t i = 0; i < kSealRepeatTimes; i++) { - iovec_t protected_iovec = {protected_buf, empty_payload_frame_size}; - iovec_t unprotected_iovec = {nullptr, 0}; - iovec_t data_iovec = {protected_buf + var->header_length, var->tag_length}; - /* Seals and then unseals empty payload. */ - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - sender, nullptr, 0, protected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - iovec_t header_iovec = {protected_buf, var->header_length}; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &data_iovec, 1, unprotected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - } - gpr_free(protected_buf); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_integrity_unsync_seal_unseal( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - /* Seals once. */ - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - sender, var->data_iovec, var->data_iovec_length, var->protected_iovec, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - alts_iovec_record_protocol_test_var_destroy(var); - /* Seals again. */ - var = alts_iovec_record_protocol_test_var_create(); - status = alts_iovec_record_protocol_privacy_integrity_protect( - sender, var->data_iovec, var->data_iovec_length, var->protected_iovec, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Unseals the second frame. */ - char* error_message = nullptr; - iovec_t header_iovec = {var->protected_buf, var->header_length}; - iovec_t protected_iovec = {var->protected_buf + var->header_length, - var->data_length + var->tag_length}; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_integrity_corrupted_data( - alts_iovec_record_protocol* sender, alts_iovec_record_protocol* receiver) { - /* Seals the data first. */ - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - sender, var->data_iovec, var->data_iovec_length, var->protected_iovec, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - char* error_message = nullptr; - uint8_t* header_buf = var->protected_buf; - size_t header_length = var->header_length; - iovec_t header_iovec = {header_buf, header_length}; - /* The following protected_buf and protected_length excludes header. */ - uint8_t* protected_buf = var->protected_buf + var->header_length; - size_t protected_length = var->data_length + var->tag_length; - iovec_t protected_iovec = {protected_buf, protected_length}; - /* Alter frame length field. */ - size_t offset = alter_random_byte(header_buf, kZeroCopyFrameLengthFieldSize); - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Bad frame length.")); - gpr_free(error_message); - revert_back_alter(header_buf, offset); - /* Alter message type field. */ - offset = alter_random_byte(header_buf + kZeroCopyFrameLengthFieldSize, - kZeroCopyFrameMessageTypeFieldSize); - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Unsupported message type.")); - gpr_free(error_message); - revert_back_alter(header_buf + kZeroCopyFrameLengthFieldSize, offset); - /* Alter protected data. */ - offset = alter_random_byte(protected_buf, protected_length); - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed.")); - gpr_free(error_message); - revert_back_alter(protected_buf, offset); - /* Reverted protected data should be verified correctly. */ - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - receiver, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - GPR_ASSERT(memcmp(var->data_buf, var->dup_buf, var->data_length) == 0); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_integrity_protect_input_check( - alts_iovec_record_protocol* rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - char* error_message = nullptr; - /* Protected output buffer is nullptr. */ - iovec_t protected_iovec = {nullptr, var->protected_iovec.iov_len}; - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_protect( - rp, var->data_iovec, var->data_iovec_length, protected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Protected frame is nullptr.")); - gpr_free(error_message); - /* Protected output buffer length incorrect. */ - protected_iovec.iov_base = var->protected_buf; - protected_iovec.iov_len = var->header_length + var->data_length; - status = alts_iovec_record_protocol_privacy_integrity_protect( - rp, var->data_iovec, var->data_iovec_length, protected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Protected frame size is incorrect.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_integrity_unprotect_input_check( - alts_iovec_record_protocol* rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - char* error_message = nullptr; - /* Header buffer is nullptr. */ - iovec_t header_iovec = {var->protected_buf, var->header_length}; - iovec_t protected_iovec = {var->protected_buf + var->header_length, - var->data_length + var->tag_length}; - header_iovec.iov_base = nullptr; - grpc_status_code status = - alts_iovec_record_protocol_privacy_integrity_unprotect( - rp, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header is nullptr.")); - gpr_free(error_message); - header_iovec.iov_base = var->protected_buf; - /* Header buffer length is 0. */ - header_iovec.iov_len = 0; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - rp, header_iovec, &protected_iovec, 1, var->unprotected_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Header length is incorrect.")); - gpr_free(error_message); - header_iovec.iov_len = var->header_length; - /* Unprotected output buffer length is incorrect. */ - iovec_t unprotected_iovec = {var->data_buf, var->data_length - 1}; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - rp, header_iovec, &protected_iovec, 1, unprotected_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INVALID_ARGUMENT, error_message, - "Unprotected data size is incorrect.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -/* --- Integrity-only and privacy-integrity mixed. --- */ - -static void record_protocol_wrong_mode( - alts_iovec_record_protocol* integrity_only_protect_rp, - alts_iovec_record_protocol* integrity_only_unprotect_rp, - alts_iovec_record_protocol* privacy_integrity_protect_rp, - alts_iovec_record_protocol* privacy_integrity_unprotect_rp) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status; - char* error_message = nullptr; - /* Call integrity-only protect on privacy-integrity record protocol. */ - status = alts_iovec_record_protocol_integrity_only_protect( - privacy_integrity_protect_rp, var->data_iovec, var->data_iovec_length, - var->header_iovec, var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Integrity-only operations are not allowed for this object.")); - gpr_free(error_message); - /* Call integrity-only unprotect on privacy-integrity record protocol. */ - status = alts_iovec_record_protocol_integrity_only_unprotect( - privacy_integrity_unprotect_rp, var->data_iovec, var->data_iovec_length, - var->header_iovec, var->tag_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Integrity-only operations are not allowed for this object.")); - gpr_free(error_message); - /* Call privacy-integrity protect on integrity-only record protocol. */ - status = alts_iovec_record_protocol_privacy_integrity_protect( - integrity_only_protect_rp, var->data_iovec, var->data_iovec_length, - var->protected_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Privacy-integrity operations are not allowed for this object.")); - gpr_free(error_message); - /* Call privacy-integrity unprotect on integrity-only record protocol. */ - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - integrity_only_unprotect_rp, var->header_iovec, var->data_iovec, - var->data_iovec_length, var->unprotected_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_FAILED_PRECONDITION, error_message, - "Privacy-integrity operations are not allowed for this object.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void integrity_seal_privacy_unseal( - alts_iovec_record_protocol* integrity_only_sender, - alts_iovec_record_protocol* privacy_integrity_receiver) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status; - char* error_message = nullptr; - /* Seals with integrity-only protect. */ - status = alts_iovec_record_protocol_integrity_only_protect( - integrity_only_sender, var->data_iovec, var->data_iovec_length, - var->header_iovec, var->tag_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Unseal with privacy-integrity unprotect. */ - memcpy(var->protected_buf, var->data_buf, var->data_length); - memcpy(var->protected_buf + var->data_length, var->tag_buf, var->tag_length); - iovec_t protected_iovec = {var->protected_buf, - var->data_length + var->tag_length}; - status = alts_iovec_record_protocol_privacy_integrity_unprotect( - privacy_integrity_receiver, var->header_iovec, &protected_iovec, 1, - var->unprotected_iovec, &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, "Frame decryption failed.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -static void privacy_seal_integrity_unseal( - alts_iovec_record_protocol* privacy_integrity_sender, - alts_iovec_record_protocol* integrity_only_receiver) { - alts_iovec_record_protocol_test_var* var = - alts_iovec_record_protocol_test_var_create(); - grpc_status_code status; - char* error_message = nullptr; - /* Seals with privacy-integrity protect. */ - status = alts_iovec_record_protocol_privacy_integrity_protect( - privacy_integrity_sender, var->data_iovec, var->data_iovec_length, - var->protected_iovec, nullptr); - GPR_ASSERT(status == GRPC_STATUS_OK); - /* Unseal with integrity-only unprotect. */ - iovec_t header_iovec = {var->protected_buf, var->header_length}; - iovec_t data_iovec = {var->protected_buf + var->header_length, - var->data_length}; - iovec_t tag_iovec = { - var->protected_buf + var->header_length + var->data_length, - var->tag_length}; - status = alts_iovec_record_protocol_integrity_only_unprotect( - integrity_only_receiver, &data_iovec, 1, header_iovec, tag_iovec, - &error_message); - GPR_ASSERT(gsec_test_expect_compare_code_and_substr( - status, GRPC_STATUS_INTERNAL, error_message, - "Frame tag verification failed.")); - gpr_free(error_message); - alts_iovec_record_protocol_test_var_destroy(var); -} - -/* --- Test cases. --- */ - -static void alts_iovec_record_protocol_random_seal_unseal_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_random_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_random_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_random_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_random_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_random_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_random_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_random_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_random_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_empty_seal_unseal_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_empty_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_empty_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_empty_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_empty_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_empty_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_empty_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_empty_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_empty_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_unsync_seal_unseal_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_unsync_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_unsync_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_unsync_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - integrity_only_unsync_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_unsync_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_unsync_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_unsync_seal_unseal(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_unsync_seal_unseal(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_corrupted_data_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_corrupted_data(fixture->client_protect, - fixture->server_unprotect); - integrity_only_corrupted_data(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_corrupted_data(fixture->client_protect, - fixture->server_unprotect); - integrity_only_corrupted_data(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_corrupted_data(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_corrupted_data(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_corrupted_data(fixture->client_protect, - fixture->server_unprotect); - privacy_integrity_corrupted_data(fixture->server_protect, - fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_input_check_tests() { - alts_iovec_record_protocol_test_fixture* fixture = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - integrity_only_protect_input_check(fixture->client_protect); - integrity_only_unprotect_input_check(fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - integrity_only_protect_input_check(fixture->client_protect); - integrity_only_unprotect_input_check(fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - privacy_integrity_protect_input_check(fixture->client_protect); - privacy_integrity_unprotect_input_check(fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); - - fixture = alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - privacy_integrity_protect_input_check(fixture->client_protect); - privacy_integrity_unprotect_input_check(fixture->client_unprotect); - alts_iovec_record_protocol_test_fixture_destroy(fixture); -} - -static void alts_iovec_record_protocol_mix_operations_tests() { - alts_iovec_record_protocol_test_fixture* fixture_1 = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - alts_iovec_record_protocol_test_fixture* fixture_2 = - alts_iovec_record_protocol_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - - record_protocol_wrong_mode( - fixture_1->client_protect, fixture_1->client_unprotect, - fixture_2->client_protect, fixture_2->client_unprotect); - integrity_seal_privacy_unseal(fixture_1->client_protect, - fixture_2->server_unprotect); - privacy_seal_integrity_unseal(fixture_2->client_protect, - fixture_1->server_unprotect); - - alts_iovec_record_protocol_test_fixture_destroy(fixture_1); - alts_iovec_record_protocol_test_fixture_destroy(fixture_2); -} - -int main(int argc, char** argv) { - alts_iovec_record_protocol_random_seal_unseal_tests(); - alts_iovec_record_protocol_empty_seal_unseal_tests(); - alts_iovec_record_protocol_unsync_seal_unseal_tests(); - alts_iovec_record_protocol_corrupted_data_tests(); - alts_iovec_record_protocol_input_check_tests(); - alts_iovec_record_protocol_mix_operations_tests(); - return 0; -} diff --git a/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc b/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc deleted file mode 100644 index 2388be95cd..0000000000 --- a/test/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector_test.cc +++ /dev/null @@ -1,289 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include -#include -#include - -#include "src/core/lib/slice/slice_internal.h" -#include "src/core/tsi/alts/crypt/gsec.h" -#include "src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h" -#include "src/core/tsi/transport_security_grpc.h" -#include "test/core/tsi/alts/crypt/gsec_test_util.h" - -/* TODO: tests zero_copy_grpc_protector under TSI test library, which - * has more comprehensive tests. */ - -constexpr size_t kSealRepeatTimes = 50; -constexpr size_t kSmallBufferSize = 16; -constexpr size_t kLargeBufferSize = 16384; -constexpr size_t kChannelMaxSize = 2048; -constexpr size_t kChannelMinSize = 128; - -/* Test fixtures for each test cases. */ -struct alts_zero_copy_grpc_protector_test_fixture { - tsi_zero_copy_grpc_protector* client; - tsi_zero_copy_grpc_protector* server; -}; - -/* Test input variables for protect/unprotect operations. */ -struct alts_zero_copy_grpc_protector_test_var { - grpc_slice_buffer original_sb; - grpc_slice_buffer duplicate_sb; - grpc_slice_buffer staging_sb; - grpc_slice_buffer protected_sb; - grpc_slice_buffer unprotected_sb; -}; - -/* --- Test utility functions. --- */ - -static void create_random_slice_buffer(grpc_slice_buffer* sb, - grpc_slice_buffer* dup_sb, - size_t length) { - GPR_ASSERT(sb != nullptr); - GPR_ASSERT(dup_sb != nullptr); - GPR_ASSERT(length > 0); - grpc_slice slice = GRPC_SLICE_MALLOC(length); - gsec_test_random_bytes(GRPC_SLICE_START_PTR(slice), length); - grpc_slice_buffer_add(sb, grpc_slice_ref(slice)); - grpc_slice_buffer_add(dup_sb, slice); -} - -static uint8_t* pointer_to_nth_byte(grpc_slice_buffer* sb, size_t index) { - GPR_ASSERT(sb != nullptr); - GPR_ASSERT(index < sb->length); - for (size_t i = 0; i < sb->count; i++) { - if (index < GRPC_SLICE_LENGTH(sb->slices[i])) { - return GRPC_SLICE_START_PTR(sb->slices[i]) + index; - } else { - index -= GRPC_SLICE_LENGTH(sb->slices[i]); - } - } - return nullptr; -} - -/* Checks if two slice buffer contents are the same. It is not super efficient, - * but OK for testing. */ -static bool are_slice_buffers_equal(grpc_slice_buffer* first, - grpc_slice_buffer* second) { - GPR_ASSERT(first != nullptr); - GPR_ASSERT(second != nullptr); - if (first->length != second->length) { - return false; - } - for (size_t i = 0; i < first->length; i++) { - uint8_t* first_ptr = pointer_to_nth_byte(first, i); - uint8_t* second_ptr = pointer_to_nth_byte(second, i); - GPR_ASSERT(first_ptr != nullptr && second_ptr != nullptr); - if ((*first_ptr) != (*second_ptr)) { - return false; - } - } - return true; -} - -static alts_zero_copy_grpc_protector_test_fixture* -alts_zero_copy_grpc_protector_test_fixture_create(bool rekey, - bool integrity_only) { - alts_zero_copy_grpc_protector_test_fixture* fixture = - static_cast( - gpr_zalloc(sizeof(alts_zero_copy_grpc_protector_test_fixture))); - grpc_core::ExecCtx exec_ctx; - size_t key_length = rekey ? kAes128GcmRekeyKeyLength : kAes128GcmKeyLength; - uint8_t* key; - size_t max_protected_frame_size = 1024; - gsec_test_random_array(&key, key_length); - GPR_ASSERT(alts_zero_copy_grpc_protector_create( - key, key_length, rekey, /*is_client=*/true, integrity_only, - &max_protected_frame_size, &fixture->client) == TSI_OK); - GPR_ASSERT(alts_zero_copy_grpc_protector_create( - key, key_length, rekey, /*is_client=*/false, integrity_only, - &max_protected_frame_size, &fixture->server) == TSI_OK); - gpr_free(key); - grpc_core::ExecCtx::Get()->Flush(); - return fixture; -} - -static void alts_zero_copy_grpc_protector_test_fixture_destroy( - alts_zero_copy_grpc_protector_test_fixture* fixture) { - if (fixture == nullptr) { - return; - } - grpc_core::ExecCtx exec_ctx; - tsi_zero_copy_grpc_protector_destroy(fixture->client); - tsi_zero_copy_grpc_protector_destroy(fixture->server); - grpc_core::ExecCtx::Get()->Flush(); - gpr_free(fixture); -} - -static alts_zero_copy_grpc_protector_test_var* -alts_zero_copy_grpc_protector_test_var_create() { - alts_zero_copy_grpc_protector_test_var* var = - static_cast( - gpr_zalloc(sizeof(alts_zero_copy_grpc_protector_test_var))); - grpc_slice_buffer_init(&var->original_sb); - grpc_slice_buffer_init(&var->duplicate_sb); - grpc_slice_buffer_init(&var->staging_sb); - grpc_slice_buffer_init(&var->protected_sb); - grpc_slice_buffer_init(&var->unprotected_sb); - return var; -} - -static void alts_zero_copy_grpc_protector_test_var_destroy( - alts_zero_copy_grpc_protector_test_var* var) { - if (var == nullptr) { - return; - } - grpc_slice_buffer_destroy_internal(&var->original_sb); - grpc_slice_buffer_destroy_internal(&var->duplicate_sb); - grpc_slice_buffer_destroy_internal(&var->staging_sb); - grpc_slice_buffer_destroy_internal(&var->protected_sb); - grpc_slice_buffer_destroy_internal(&var->unprotected_sb); - gpr_free(var); -} - -/* --- ALTS zero-copy protector tests. --- */ - -static void seal_unseal_small_buffer(tsi_zero_copy_grpc_protector* sender, - tsi_zero_copy_grpc_protector* receiver) { - grpc_core::ExecCtx exec_ctx; - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_zero_copy_grpc_protector_test_var* var = - alts_zero_copy_grpc_protector_test_var_create(); - /* Creates a random small slice buffer and calls protect(). */ - create_random_slice_buffer(&var->original_sb, &var->duplicate_sb, - kSmallBufferSize); - GPR_ASSERT(tsi_zero_copy_grpc_protector_protect( - sender, &var->original_sb, &var->protected_sb) == TSI_OK); - /* Splits protected slice buffer into two: first one is staging_sb, and - * second one is is protected_sb. */ - uint32_t staging_sb_size = - gsec_test_bias_random_uint32( - static_cast(var->protected_sb.length - 1)) + - 1; - grpc_slice_buffer_move_first(&var->protected_sb, staging_sb_size, - &var->staging_sb); - /* Unprotects one by one. */ - GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect( - receiver, &var->staging_sb, &var->unprotected_sb) == TSI_OK); - GPR_ASSERT(var->unprotected_sb.length == 0); - GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect( - receiver, &var->protected_sb, &var->unprotected_sb) == - TSI_OK); - GPR_ASSERT( - are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb)); - alts_zero_copy_grpc_protector_test_var_destroy(var); - } - grpc_core::ExecCtx::Get()->Flush(); -} - -static void seal_unseal_large_buffer(tsi_zero_copy_grpc_protector* sender, - tsi_zero_copy_grpc_protector* receiver) { - grpc_core::ExecCtx exec_ctx; - for (size_t i = 0; i < kSealRepeatTimes; i++) { - alts_zero_copy_grpc_protector_test_var* var = - alts_zero_copy_grpc_protector_test_var_create(); - /* Creates a random large slice buffer and calls protect(). */ - create_random_slice_buffer(&var->original_sb, &var->duplicate_sb, - kLargeBufferSize); - GPR_ASSERT(tsi_zero_copy_grpc_protector_protect( - sender, &var->original_sb, &var->protected_sb) == TSI_OK); - /* Splits protected slice buffer into multiple pieces. Receiver unprotects - * each slice buffer one by one. */ - uint32_t channel_size = gsec_test_bias_random_uint32(static_cast( - kChannelMaxSize + 1 - kChannelMinSize)) + - static_cast(kChannelMinSize); - while (var->protected_sb.length > channel_size) { - grpc_slice_buffer_reset_and_unref_internal(&var->staging_sb); - grpc_slice_buffer_move_first(&var->protected_sb, channel_size, - &var->staging_sb); - GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect( - receiver, &var->staging_sb, &var->unprotected_sb) == - TSI_OK); - } - GPR_ASSERT(tsi_zero_copy_grpc_protector_unprotect( - receiver, &var->protected_sb, &var->unprotected_sb) == - TSI_OK); - GPR_ASSERT( - are_slice_buffers_equal(&var->unprotected_sb, &var->duplicate_sb)); - alts_zero_copy_grpc_protector_test_var_destroy(var); - } - grpc_core::ExecCtx::Get()->Flush(); -} - -/* --- Test cases. --- */ - -static void alts_zero_copy_protector_seal_unseal_small_buffer_tests() { - alts_zero_copy_grpc_protector_test_fixture* fixture = - alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - seal_unseal_small_buffer(fixture->client, fixture->server); - seal_unseal_small_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - seal_unseal_small_buffer(fixture->client, fixture->server); - seal_unseal_small_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - seal_unseal_small_buffer(fixture->client, fixture->server); - seal_unseal_small_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - seal_unseal_small_buffer(fixture->client, fixture->server); - seal_unseal_small_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); -} - -static void alts_zero_copy_protector_seal_unseal_large_buffer_tests() { - alts_zero_copy_grpc_protector_test_fixture* fixture = - alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/true); - seal_unseal_large_buffer(fixture->client, fixture->server); - seal_unseal_large_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/false, /*integrity_only=*/false); - seal_unseal_large_buffer(fixture->client, fixture->server); - seal_unseal_large_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/true); - seal_unseal_large_buffer(fixture->client, fixture->server); - seal_unseal_large_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); - - fixture = alts_zero_copy_grpc_protector_test_fixture_create( - /*rekey=*/true, /*integrity_only=*/false); - seal_unseal_large_buffer(fixture->client, fixture->server); - seal_unseal_large_buffer(fixture->server, fixture->client); - alts_zero_copy_grpc_protector_test_fixture_destroy(fixture); -} - -int main(int argc, char** argv) { - alts_zero_copy_protector_seal_unseal_small_buffer_tests(); - alts_zero_copy_protector_seal_unseal_large_buffer_tests(); - return 0; -} diff --git a/test/core/tsi/fake_transport_security_test.cc b/test/core/tsi/fake_transport_security_test.cc index 5e6671965d..bec81ed42f 100644 --- a/test/core/tsi/fake_transport_security_test.cc +++ b/test/core/tsi/fake_transport_security_test.cc @@ -107,7 +107,7 @@ void fake_tsi_test_do_round_trip_for_all_configs() { tsi_test_frame_protector_config_destroy(fake_fixture->base.config); fake_fixture->base.config = tsi_test_frame_protector_config_create( bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4], - bit_array[5], bit_array[6]); + bit_array[5], bit_array[6], bit_array[7]); tsi_test_do_round_trip(&fake_fixture->base); tsi_test_fixture_destroy(fixture); } diff --git a/test/core/tsi/ssl_transport_security_test.cc b/test/core/tsi/ssl_transport_security_test.cc index d9eb7470d5..8f255a3d35 100644 --- a/test/core/tsi/ssl_transport_security_test.cc +++ b/test/core/tsi/ssl_transport_security_test.cc @@ -528,7 +528,7 @@ void ssl_tsi_test_do_round_trip_for_all_configs() { tsi_test_frame_protector_config_destroy(ssl_fixture->base.config); ssl_fixture->base.config = tsi_test_frame_protector_config_create( bit_array[0], bit_array[1], bit_array[2], bit_array[3], bit_array[4], - bit_array[5], bit_array[6]); + bit_array[5], bit_array[6], bit_array[7]); tsi_test_do_round_trip(&ssl_fixture->base); tsi_test_fixture_destroy(fixture); } diff --git a/test/core/tsi/transport_security_test_lib.cc b/test/core/tsi/transport_security_test_lib.cc index 26349dbfca..8ea83f7088 100644 --- a/test/core/tsi/transport_security_test_lib.cc +++ b/test/core/tsi/transport_security_test_lib.cc @@ -110,29 +110,27 @@ static void check_handshake_results(tsi_test_fixture* fixture) { fixture->vtable->check_handshaker_peers(fixture); /* Check unused bytes. */ if (fixture->test_unused_bytes) { - tsi_test_channel* channel = fixture->channel; if (fixture->server_result != nullptr && fixture->client_result != nullptr) { check_unused_bytes(fixture); } - channel->bytes_written_to_server_channel = 0; - channel->bytes_written_to_client_channel = 0; - channel->bytes_read_from_client_channel = 0; - channel->bytes_read_from_server_channel = 0; + fixture->bytes_written_to_server_channel = 0; + fixture->bytes_written_to_client_channel = 0; + fixture->bytes_read_from_client_channel = 0; + fixture->bytes_read_from_server_channel = 0; } } -static void send_bytes_to_peer(tsi_test_channel* test_channel, +static void send_bytes_to_peer(tsi_test_fixture* fixture, const unsigned char* buf, size_t buf_size, bool is_client) { - GPR_ASSERT(test_channel != nullptr); + GPR_ASSERT(fixture != nullptr); GPR_ASSERT(buf != nullptr); uint8_t* channel = - is_client ? test_channel->server_channel : test_channel->client_channel; + is_client ? fixture->server_channel : fixture->client_channel; GPR_ASSERT(channel != nullptr); - size_t* bytes_written = is_client - ? &test_channel->bytes_written_to_server_channel - : &test_channel->bytes_written_to_client_channel; + size_t* bytes_written = is_client ? &fixture->bytes_written_to_server_channel + : &fixture->bytes_written_to_client_channel; GPR_ASSERT(bytes_written != nullptr); GPR_ASSERT(*bytes_written + buf_size <= TSI_TEST_DEFAULT_CHANNEL_SIZE); /* Write data to channel. */ @@ -147,8 +145,7 @@ static void maybe_append_unused_bytes(handshaker_args* args) { if (fixture->test_unused_bytes && !args->appended_unused_bytes) { args->appended_unused_bytes = true; send_bytes_to_peer( - fixture->channel, - reinterpret_cast(TSI_TEST_UNUSED_BYTES), + fixture, reinterpret_cast(TSI_TEST_UNUSED_BYTES), strlen(TSI_TEST_UNUSED_BYTES), args->is_client); if (fixture->client_result != nullptr && fixture->server_result == nullptr) { @@ -157,21 +154,19 @@ static void maybe_append_unused_bytes(handshaker_args* args) { } } -static void receive_bytes_from_peer(tsi_test_channel* test_channel, +static void receive_bytes_from_peer(tsi_test_fixture* fixture, unsigned char** buf, size_t* buf_size, bool is_client) { - GPR_ASSERT(test_channel != nullptr); + GPR_ASSERT(fixture != nullptr); GPR_ASSERT(*buf != nullptr); GPR_ASSERT(buf_size != nullptr); uint8_t* channel = - is_client ? test_channel->client_channel : test_channel->server_channel; + is_client ? fixture->client_channel : fixture->server_channel; GPR_ASSERT(channel != nullptr); - size_t* bytes_read = is_client - ? &test_channel->bytes_read_from_client_channel - : &test_channel->bytes_read_from_server_channel; - size_t* bytes_written = is_client - ? &test_channel->bytes_written_to_client_channel - : &test_channel->bytes_written_to_server_channel; + size_t* bytes_read = is_client ? &fixture->bytes_read_from_client_channel + : &fixture->bytes_read_from_server_channel; + size_t* bytes_written = is_client ? &fixture->bytes_written_to_client_channel + : &fixture->bytes_written_to_server_channel; GPR_ASSERT(bytes_read != nullptr); GPR_ASSERT(bytes_written != nullptr); size_t to_read = *buf_size < *bytes_written - *bytes_read @@ -183,13 +178,14 @@ static void receive_bytes_from_peer(tsi_test_channel* test_channel, *bytes_read += to_read; } -void tsi_test_frame_protector_send_message_to_peer( - tsi_test_frame_protector_config* config, tsi_test_channel* channel, - tsi_frame_protector* protector, bool is_client) { +static void send_message_to_peer(tsi_test_fixture* fixture, + tsi_frame_protector* protector, + bool is_client) { /* Initialization. */ - GPR_ASSERT(config != nullptr); - GPR_ASSERT(channel != nullptr); + GPR_ASSERT(fixture != nullptr); + GPR_ASSERT(fixture->config != nullptr); GPR_ASSERT(protector != nullptr); + tsi_test_frame_protector_config* config = fixture->config; unsigned char* protected_buffer = static_cast(gpr_zalloc(config->protected_buffer_size)); size_t message_size = @@ -209,7 +205,7 @@ void tsi_test_frame_protector_send_message_to_peer( &protected_buffer_size_to_send); GPR_ASSERT(result == TSI_OK); /* Send protected data to peer. */ - send_bytes_to_peer(channel, protected_buffer, protected_buffer_size_to_send, + send_bytes_to_peer(fixture, protected_buffer, protected_buffer_size_to_send, is_client); message_bytes += processed_message_size; message_size -= processed_message_size; @@ -222,7 +218,7 @@ void tsi_test_frame_protector_send_message_to_peer( protector, protected_buffer, &protected_buffer_size_to_send, &still_pending_size); GPR_ASSERT(result == TSI_OK); - send_bytes_to_peer(channel, protected_buffer, + send_bytes_to_peer(fixture, protected_buffer, protected_buffer_size_to_send, is_client); } while (still_pending_size > 0 && result == TSI_OK); GPR_ASSERT(result == TSI_OK); @@ -232,16 +228,17 @@ void tsi_test_frame_protector_send_message_to_peer( gpr_free(protected_buffer); } -void tsi_test_frame_protector_receive_message_from_peer( - tsi_test_frame_protector_config* config, tsi_test_channel* channel, - tsi_frame_protector* protector, unsigned char* message, - size_t* bytes_received, bool is_client) { +static void receive_message_from_peer(tsi_test_fixture* fixture, + tsi_frame_protector* protector, + unsigned char* message, + size_t* bytes_received, bool is_client) { /* Initialization. */ - GPR_ASSERT(config != nullptr); - GPR_ASSERT(channel != nullptr); + GPR_ASSERT(fixture != nullptr); GPR_ASSERT(protector != nullptr); GPR_ASSERT(message != nullptr); GPR_ASSERT(bytes_received != nullptr); + GPR_ASSERT(fixture->config != nullptr); + tsi_test_frame_protector_config* config = fixture->config; size_t read_offset = 0; size_t message_offset = 0; size_t read_from_peer_size = 0; @@ -256,7 +253,7 @@ void tsi_test_frame_protector_receive_message_from_peer( /* Receive data from peer. */ if (read_from_peer_size == 0) { read_from_peer_size = config->read_buffer_allocated_size; - receive_bytes_from_peer(channel, &read_buffer, &read_from_peer_size, + receive_bytes_from_peer(fixture, &read_buffer, &read_from_peer_size, is_client); read_offset = 0; } @@ -317,7 +314,7 @@ grpc_error* on_handshake_next_done(tsi_result result, void* user_data, } /* Send data to peer, if needed. */ if (bytes_to_send_size > 0) { - send_bytes_to_peer(fixture->channel, bytes_to_send, bytes_to_send_size, + send_bytes_to_peer(args->fixture, bytes_to_send, bytes_to_send_size, args->is_client); args->transferred_data = true; } @@ -364,8 +361,8 @@ static void do_handshaker_next(handshaker_args* args) { /* Receive data from peer, if available. */ do { size_t buf_size = args->handshake_buffer_size; - receive_bytes_from_peer(fixture->channel, &args->handshake_buffer, - &buf_size, args->is_client); + receive_bytes_from_peer(args->fixture, &args->handshake_buffer, &buf_size, + args->is_client); if (buf_size > 0) { args->transferred_data = true; } @@ -414,50 +411,6 @@ void tsi_test_do_handshake(tsi_test_fixture* fixture) { handshaker_args_destroy(server_args); } -static void tsi_test_do_ping_pong(tsi_test_frame_protector_config* config, - tsi_test_channel* channel, - tsi_frame_protector* client_frame_protector, - tsi_frame_protector* server_frame_protector) { - GPR_ASSERT(config != nullptr); - GPR_ASSERT(channel != nullptr); - GPR_ASSERT(client_frame_protector != nullptr); - GPR_ASSERT(server_frame_protector != nullptr); - /* Client sends a message to server. */ - tsi_test_frame_protector_send_message_to_peer( - config, channel, client_frame_protector, true /* is_client */); - unsigned char* server_received_message = - static_cast(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); - size_t server_received_message_size = 0; - tsi_test_frame_protector_receive_message_from_peer( - config, channel, server_frame_protector, server_received_message, - &server_received_message_size, false /* is_client */); - GPR_ASSERT(config->client_message_size == server_received_message_size); - GPR_ASSERT(memcmp(config->client_message, server_received_message, - server_received_message_size) == 0); - /* Server sends a message to client. */ - tsi_test_frame_protector_send_message_to_peer( - config, channel, server_frame_protector, false /* is_client */); - unsigned char* client_received_message = - static_cast(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); - size_t client_received_message_size = 0; - tsi_test_frame_protector_receive_message_from_peer( - config, channel, client_frame_protector, client_received_message, - &client_received_message_size, true /* is_client */); - GPR_ASSERT(config->server_message_size == client_received_message_size); - GPR_ASSERT(memcmp(config->server_message, client_received_message, - client_received_message_size) == 0); - gpr_free(server_received_message); - gpr_free(client_received_message); -} - -void tsi_test_frame_protector_do_round_trip_no_handshake( - tsi_test_frame_protector_fixture* fixture) { - GPR_ASSERT(fixture != nullptr); - tsi_test_do_ping_pong(fixture->config, fixture->channel, - fixture->client_frame_protector, - fixture->server_frame_protector); -} - void tsi_test_do_round_trip(tsi_test_fixture* fixture) { /* Initialization. */ GPR_ASSERT(fixture != nullptr); @@ -484,11 +437,33 @@ void tsi_test_do_round_trip(tsi_test_fixture* fixture) { ? nullptr : &server_max_output_protected_frame_size, &server_frame_protector) == TSI_OK); - tsi_test_do_ping_pong(config, fixture->channel, client_frame_protector, - server_frame_protector); + /* Client sends a message to server. */ + send_message_to_peer(fixture, client_frame_protector, true /* is_client */); + unsigned char* server_received_message = + static_cast(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); + size_t server_received_message_size = 0; + receive_message_from_peer( + fixture, server_frame_protector, server_received_message, + &server_received_message_size, false /* is_client */); + GPR_ASSERT(config->client_message_size == server_received_message_size); + GPR_ASSERT(memcmp(config->client_message, server_received_message, + server_received_message_size) == 0); + /* Server sends a message to client. */ + send_message_to_peer(fixture, server_frame_protector, false /* is_client */); + unsigned char* client_received_message = + static_cast(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); + size_t client_received_message_size = 0; + receive_message_from_peer( + fixture, client_frame_protector, client_received_message, + &client_received_message_size, true /* is_client */); + GPR_ASSERT(config->server_message_size == client_received_message_size); + GPR_ASSERT(memcmp(config->server_message, client_received_message, + client_received_message_size) == 0); /* Destroy server and client frame protectors. */ tsi_frame_protector_destroy(client_frame_protector); tsi_frame_protector_destroy(server_frame_protector); + gpr_free(server_received_message); + gpr_free(client_received_message); } static unsigned char* generate_random_message(size_t size) { @@ -508,7 +483,8 @@ tsi_test_frame_protector_config* tsi_test_frame_protector_config_create( bool use_default_protected_buffer_size, bool use_default_client_message, bool use_default_server_message, bool use_default_client_max_output_protected_frame_size, - bool use_default_server_max_output_protected_frame_size) { + bool use_default_server_max_output_protected_frame_size, + bool use_default_handshake_buffer_size) { tsi_test_frame_protector_config* config = static_cast( gpr_zalloc(sizeof(*config))); @@ -576,42 +552,24 @@ void tsi_test_frame_protector_config_set_buffer_size( void tsi_test_frame_protector_config_destroy( tsi_test_frame_protector_config* config) { - if (config == nullptr) { - return; - } + GPR_ASSERT(config != nullptr); gpr_free(config->client_message); gpr_free(config->server_message); gpr_free(config); } -static tsi_test_channel* tsi_test_channel_create() { - tsi_test_channel* channel = - static_cast(gpr_zalloc(sizeof(*channel))); - channel->client_channel = - static_cast(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); - channel->server_channel = - static_cast(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); - channel->bytes_written_to_client_channel = 0; - channel->bytes_written_to_server_channel = 0; - channel->bytes_read_from_client_channel = 0; - channel->bytes_read_from_server_channel = 0; - return channel; -} - -static void tsi_test_channel_destroy(tsi_test_channel* channel) { - if (channel == nullptr) { - return; - } - gpr_free(channel->client_channel); - gpr_free(channel->server_channel); - gpr_free(channel); -} - void tsi_test_fixture_init(tsi_test_fixture* fixture) { fixture->config = tsi_test_frame_protector_config_create( - true, true, true, true, true, true, true); + true, true, true, true, true, true, true, true); fixture->handshake_buffer_size = TSI_TEST_DEFAULT_BUFFER_SIZE; - fixture->channel = tsi_test_channel_create(); + fixture->client_channel = + static_cast(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); + fixture->server_channel = + static_cast(gpr_zalloc(TSI_TEST_DEFAULT_CHANNEL_SIZE)); + fixture->bytes_written_to_client_channel = 0; + fixture->bytes_written_to_server_channel = 0; + fixture->bytes_read_from_client_channel = 0; + fixture->bytes_read_from_server_channel = 0; fixture->test_unused_bytes = true; fixture->has_client_finished_first = false; gpr_mu_init(&fixture->mu); @@ -620,15 +578,14 @@ void tsi_test_fixture_init(tsi_test_fixture* fixture) { } void tsi_test_fixture_destroy(tsi_test_fixture* fixture) { - if (fixture == nullptr) { - return; - } + GPR_ASSERT(fixture != nullptr); tsi_test_frame_protector_config_destroy(fixture->config); tsi_handshaker_destroy(fixture->client_handshaker); tsi_handshaker_destroy(fixture->server_handshaker); tsi_handshaker_result_destroy(fixture->client_result); tsi_handshaker_result_destroy(fixture->server_result); - tsi_test_channel_destroy(fixture->channel); + gpr_free(fixture->client_channel); + gpr_free(fixture->server_channel); GPR_ASSERT(fixture->vtable != nullptr); GPR_ASSERT(fixture->vtable->destruct != nullptr); fixture->vtable->destruct(fixture); @@ -636,34 +593,3 @@ void tsi_test_fixture_destroy(tsi_test_fixture* fixture) { gpr_cv_destroy(&fixture->cv); gpr_free(fixture); } - -tsi_test_frame_protector_fixture* tsi_test_frame_protector_fixture_create() { - tsi_test_frame_protector_fixture* fixture = - static_cast( - gpr_zalloc(sizeof(*fixture))); - fixture->config = tsi_test_frame_protector_config_create( - true, true, true, true, true, true, true); - fixture->channel = tsi_test_channel_create(); - return fixture; -} - -void tsi_test_frame_protector_fixture_init( - tsi_test_frame_protector_fixture* fixture, - tsi_frame_protector* client_frame_protector, - tsi_frame_protector* server_frame_protector) { - GPR_ASSERT(fixture != nullptr); - fixture->client_frame_protector = client_frame_protector; - fixture->server_frame_protector = server_frame_protector; -} - -void tsi_test_frame_protector_fixture_destroy( - tsi_test_frame_protector_fixture* fixture) { - if (fixture == nullptr) { - return; - } - tsi_test_frame_protector_config_destroy(fixture->config); - tsi_test_channel_destroy(fixture->channel); - tsi_frame_protector_destroy(fixture->client_frame_protector); - tsi_frame_protector_destroy(fixture->server_frame_protector); - gpr_free(fixture); -} diff --git a/test/core/tsi/transport_security_test_lib.h b/test/core/tsi/transport_security_test_lib.h index b6a431f5a0..9b07448cc5 100644 --- a/test/core/tsi/transport_security_test_lib.h +++ b/test/core/tsi/transport_security_test_lib.h @@ -35,8 +35,8 @@ #define TSI_TEST_DEFAULT_CHANNEL_SIZE 32768 #define TSI_TEST_BIG_MESSAGE_SIZE 17000 #define TSI_TEST_SMALL_MESSAGE_SIZE 10 -#define TSI_TEST_NUM_OF_ARGUMENTS 7 -#define TSI_TEST_NUM_OF_COMBINATIONS 128 +#define TSI_TEST_NUM_OF_ARGUMENTS 8 +#define TSI_TEST_NUM_OF_COMBINATIONS 256 #define TSI_TEST_UNUSED_BYTES "HELLO GOOGLE" /* --- tsi_test_fixture object --- @@ -46,22 +46,12 @@ protect/unprotect operations with respect to TSI implementations. */ typedef struct tsi_test_fixture tsi_test_fixture; -/* --- tsi_test_frame_protector_fixture object --- - The object wraps all necessary information used to test correctness of TSI - frame protector implementations. */ -typedef struct tsi_test_frame_protector_fixture - tsi_test_frame_protector_fixture; - /* --- tsi_test_frame_protector_config object --- + This object is used to configure different parameters of TSI frame protector APIs. */ typedef struct tsi_test_frame_protector_config tsi_test_frame_protector_config; -/* --- tsi_test_channel object --- - This object represents simulated channels between the client and server - from/to which they could read/write the exchanged information. */ -typedef struct tsi_test_channel tsi_test_channel; - /* V-table for tsi_test_fixture operations that are implemented differently in different TSI implementations. */ typedef struct tsi_test_fixture_vtable { @@ -83,8 +73,17 @@ struct tsi_test_fixture { tsi_handshaker_result* server_result; /* size of buffer used to store data received from the peer. */ size_t handshake_buffer_size; - /* tsi_test_channel instance. */ - tsi_test_channel* channel; + /* simulated channels between client and server. If the server (client) + wants to send data to the client (server), he will write data to + client_channel (server_channel), which will be read by client (server). */ + uint8_t* client_channel; + uint8_t* server_channel; + /* size of data written to the client/server channel. */ + size_t bytes_written_to_client_channel; + size_t bytes_written_to_server_channel; + /* size of data read from the client/server channel */ + size_t bytes_read_from_client_channel; + size_t bytes_read_from_server_channel; /* tsi_test_frame_protector_config instance */ tsi_test_frame_protector_config* config; /* a flag indicating if client has finished TSI handshake first (i.e., before @@ -107,30 +106,6 @@ struct tsi_test_fixture { bool notified; }; -struct tsi_test_frame_protector_fixture { - /* client/server TSI frame protectors whose ownership are transferred. */ - tsi_frame_protector* client_frame_protector; - tsi_frame_protector* server_frame_protector; - /* tsi_test_channel instance. */ - tsi_test_channel* channel; - /* tsi_test_frame_protector_config instance */ - tsi_test_frame_protector_config* config; -}; - -struct tsi_test_channel { - /* simulated channels between client and server. If the server (client) - wants to send data to the client (server), he will write data to - client_channel (server_channel), which will be read by client (server). */ - uint8_t* client_channel; - uint8_t* server_channel; - /* size of data written to the client/server channel. */ - size_t bytes_written_to_client_channel; - size_t bytes_written_to_server_channel; - /* size of data read from the client/server channel */ - size_t bytes_read_from_client_channel; - size_t bytes_read_from_server_channel; -}; - struct tsi_test_frame_protector_config { /* size of buffer used to store protected frames to be unprotected. */ size_t read_buffer_allocated_size; @@ -160,7 +135,8 @@ tsi_test_frame_protector_config* tsi_test_frame_protector_config_create( bool use_default_protected_buffer_size, bool use_default_client_message, bool use_default_server_message, bool use_default_client_max_output_protected_frame_size, - bool use_default_server_max_output_protected_frame_size); + bool use_default_server_max_output_protected_frame_size, + bool use_default_handshake_buffer_size); /* This method sets different buffer and frame sizes of a tsi_test_frame_protector_config instance with user provided values. */ @@ -184,35 +160,6 @@ void tsi_test_fixture_init(tsi_test_fixture* fixture); this function. */ void tsi_test_fixture_destroy(tsi_test_fixture* fixture); -/* This method creates a tsi_test_frame_protector_fixture instance. */ -tsi_test_frame_protector_fixture* tsi_test_frame_protector_fixture_create(); - -/* This method initializes members of tsi_test_frame_protector_fixture instance. - Note that the struct instance should be allocated before making - this call. */ -void tsi_test_frame_protector_fixture_init( - tsi_test_frame_protector_fixture* fixture, - tsi_frame_protector* client_frame_protector, - tsi_frame_protector* server_frame_protector); - -/* This method destroys a tsi_test_frame_protector_fixture instance. Note that - the fixture intance must be dynamically allocated and will be freed by this - function. */ -void tsi_test_frame_protector_fixture_destroy( - tsi_test_frame_protector_fixture* fixture); - -/* This method performs a protect opeation on raw data and sends the result to - peer. */ -void tsi_test_frame_protector_send_message_to_peer( - tsi_test_frame_protector_config* config, tsi_test_channel* channel, - tsi_frame_protector* protector, bool is_client); - -/* This method receives message from peer and unprotects it. */ -void tsi_test_frame_protector_receive_message_from_peer( - tsi_test_frame_protector_config* config, tsi_test_channel* channel, - tsi_frame_protector* protector, unsigned char* message, - size_t* bytes_received, bool is_client); - /* This method performs a full TSI handshake between a client and a server. Note that the test library will implement the new TSI handshaker API to perform handshakes. */ @@ -224,8 +171,4 @@ void tsi_test_do_handshake(tsi_test_fixture* fixture); the client and server switching its role. */ void tsi_test_do_round_trip(tsi_test_fixture* fixture); -/* This method performs the above round trip test without doing handshakes. */ -void tsi_test_frame_protector_do_round_trip_no_handshake( - tsi_test_frame_protector_fixture* fixture); - #endif // GRPC_TEST_CORE_TSI_TRANSPORT_SECURITY_TEST_LIB_H_ -- cgit v1.2.3