chacha20poly1305_wycheproof_test.go

     1  // Copyright 2026 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package cryptotest_test
     6  
     7  import (
     8  	"bytes"
     9  	"crypto/cipher"
    10  	"crypto/internal/cryptotest/wycheproof"
    11  	"testing"
    12  
    13  	"golang.org/x/crypto/chacha20poly1305"
    14  )
    15  
    16  func TestChaCha20Poly1305Wycheproof(t *testing.T) {
    17  	for _, tc := range []struct {
    18  		file      string
    19  		newCipher func([]byte) (cipher.AEAD, error)
    20  	}{
    21  		{"chacha20_poly1305_test.json", chacha20poly1305.New},
    22  		{"xchacha20_poly1305_test.json", chacha20poly1305.NewX},
    23  	} {
    24  		var testdata wycheproof.AeadTestSchemaV1Json
    25  		wycheproof.LoadVectorFile(t, tc.file, &testdata)
    26  
    27  		for _, tg := range testdata.TestGroups {
    28  			for _, tv := range tg.Tests {
    29  				t.Run(wycheproof.TestName(tc.file, tv), func(t *testing.T) {
    30  					t.Parallel()
    31  
    32  					aead, err := tc.newCipher(wycheproof.MustDecodeHex(tv.Key))
    33  					if err != nil {
    34  						t.Fatalf("failed to construct cipher: %s", err)
    35  					}
    36  
    37  					iv := wycheproof.MustDecodeHex(tv.Iv)
    38  					tag := wycheproof.MustDecodeHex(tv.Tag)
    39  					ct := wycheproof.MustDecodeHex(tv.Ct)
    40  					msg := wycheproof.MustDecodeHex(tv.Msg)
    41  					aad := wycheproof.MustDecodeHex(tv.Aad)
    42  
    43  					// The Go implementation panics on invalid nonce sizes rather
    44  					// than returning an error. Verify this behavior.
    45  					if len(iv) != aead.NonceSize() {
    46  						ctWithTag := append(ct, tag...)
    47  						wycheproof.MustPanic(t, "Seal", func() { aead.Seal(nil, iv, msg, aad) })
    48  						wycheproof.MustPanic(t, "Open", func() { aead.Open(nil, iv, ctWithTag, aad) })
    49  						return
    50  					}
    51  
    52  					genCT := aead.Seal(nil, iv, msg, aad)
    53  					genMsg, err := aead.Open(nil, iv, genCT, aad)
    54  					if err != nil {
    55  						t.Errorf("failed to decrypt generated ciphertext: %s", err)
    56  					}
    57  					if !bytes.Equal(genMsg, msg) {
    58  						t.Errorf("unexpected roundtripped plaintext: got %x, want %x", genMsg, msg)
    59  					}
    60  
    61  					ctWithTag := append(ct, tag...)
    62  					msg2, err := aead.Open(nil, iv, ctWithTag, aad)
    63  					wantPass := wycheproof.ShouldPass(t, tv.Result, tv.Flags, nil)
    64  					if !wantPass && err == nil {
    65  						t.Error("decryption succeeded when it should've failed")
    66  					} else if wantPass {
    67  						if err != nil {
    68  							t.Fatalf("decryption failed: %s", err)
    69  						}
    70  						if !bytes.Equal(genCT, ctWithTag) {
    71  							t.Errorf("generated ciphertext doesn't match expected: got %x, want %x", genCT, ctWithTag)
    72  						}
    73  						if !bytes.Equal(msg, msg2) {
    74  							t.Errorf("decrypted ciphertext doesn't match expected: got %x, want %x", msg2, msg)
    75  						}
    76  					}
    77  				})
    78  			}
    79  		}
    80  	}
    81  }
    82
View as plain text