tunnelkit/Tests/TunnelKitOpenVPNTests/CryptoCBCTests.swift

//
//  CryptoCBCTests.swift
//  TunnelKitOpenVPNTests
//
//  Created by Davide De Rosa on 12/12/23.
//  Copyright (c) 2024 Davide De Rosa. All rights reserved.
//
//  https://github.com/passepartoutvpn
//
//  This file is part of TunnelKit.
//
//  TunnelKit is free software: you can redistribute it and/or modify
//  it under the terms of the GNU General Public License as published by
//  the Free Software Foundation, either version 3 of the License, or
//  (at your option) any later version.
//
//  TunnelKit is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License
//  along with TunnelKit.  If not, see <http://www.gnu.org/licenses/>.
//

import XCTest
@testable import TunnelKitCore
@testable import TunnelKitOpenVPNCore
import CTunnelKitCore
import CTunnelKitOpenVPNProtocol

class CryptoCBCTests: XCTestCase {
    private let cipherKey = ZeroingData(count: 32)

    private let hmacKey = ZeroingData(count: 32)

    private let plainData = Data(hex: "00112233ffddaa")

    private let plainHMACData = Data(hex: "8dd324c81ca32f52e4aa1aa35139deba799a68460e80b0e5ac8bceb043edf6e500112233ffddaa")

    private let encryptedHMACData = Data(hex: "fea3fe87ee68eb21c697e62d3c29f7bea2f5b457d9a7fa66291322fc9c2fe6f700000000000000000000000000000000ebe197e706c3c5dcad026f4e3af1048b")

    private var packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]

    private var ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]

    private lazy var flags: CryptoFlags = {
        return packetId.withUnsafeBufferPointer { iv in
            ad.withUnsafeBufferPointer { ad in
                CryptoFlags(iv: iv.baseAddress,
                            ivLength: iv.count,
                            ad: ad.baseAddress,
                            adLength: ad.count,
                            forTesting: true)
            }
        }
    }()

    func test_givenDecrypted_whenEncryptWithoutCipher_thenEncodesWithHMAC() {
        let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
        sut.configureEncryption(withCipherKey: nil, hmacKey: hmacKey)

        do {
            let returnedData = try sut.encryptData(plainData, flags: &flags)
            XCTAssertEqual(returnedData, plainHMACData)
        } catch {
            XCTFail("Cannot encrypt: \(error)")
        }
    }

    func test_givenDecrypted_whenEncryptWithCipher_thenEncryptsWithHMAC() {
        let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256")
        sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)

        do {
            let returnedData = try sut.encryptData(plainData, flags: &flags)
            XCTAssertEqual(returnedData, encryptedHMACData)
        } catch {
            XCTFail("Cannot encrypt: \(error)")
        }
    }

    func test_givenEncodedWithHMAC_thenDecodes() {
        let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
        sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey)

        do {
            let returnedData = try sut.decryptData(plainHMACData, flags: &flags)
            XCTAssertEqual(returnedData, plainData)
        } catch {
            XCTFail("Cannot decrypt: \(error)")
        }
    }

    func test_givenEncryptedWithHMAC_thenDecrypts() {
        let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256")
        sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)

        do {
            let returnedData = try sut.decryptData(encryptedHMACData, flags: &flags)
            XCTAssertEqual(returnedData, plainData)
        } catch {
            XCTFail("Cannot decrypt: \(error)")
        }
    }

    func test_givenHMAC_thenVerifies() {
        let sut = CryptoCBC(cipherName: nil, digestName: "sha256")
        sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey)

        XCTAssertNoThrow(try sut.verifyData(plainHMACData, flags: &flags))
        XCTAssertNoThrow(try sut.verifyData(encryptedHMACData, flags: &flags))
    }
}
Convert encryption tests to proper unit tests (#348) 2023-12-13 08:59:57 +00:00			`//`
			`// CryptoCBCTests.swift`
			`// TunnelKitOpenVPNTests`
			`//`
			`// Created by Davide De Rosa on 12/12/23.`
Update copyright 2024-01-14 13:33:14 +00:00			`// Copyright (c) 2024 Davide De Rosa. All rights reserved.`
Convert encryption tests to proper unit tests (#348) 2023-12-13 08:59:57 +00:00			`//`
			`// https://github.com/passepartoutvpn`
			`//`
			`// This file is part of TunnelKit.`
			`//`
			`// TunnelKit is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// TunnelKit is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU General Public License`
			`// along with TunnelKit. If not, see <http://www.gnu.org/licenses/>.`
			`//`

			`import XCTest`
			`@testable import TunnelKitCore`
			`@testable import TunnelKitOpenVPNCore`
			`import CTunnelKitCore`
			`import CTunnelKitOpenVPNProtocol`

			`class CryptoCBCTests: XCTestCase {`
			`private let cipherKey = ZeroingData(count: 32)`

			`private let hmacKey = ZeroingData(count: 32)`

			`private let plainData = Data(hex: "00112233ffddaa")`

			`private let plainHMACData = Data(hex: "8dd324c81ca32f52e4aa1aa35139deba799a68460e80b0e5ac8bceb043edf6e500112233ffddaa")`

			`private let encryptedHMACData = Data(hex: "fea3fe87ee68eb21c697e62d3c29f7bea2f5b457d9a7fa66291322fc9c2fe6f700000000000000000000000000000000ebe197e706c3c5dcad026f4e3af1048b")`

Dangling pointers in crypto tests (#349) 2023-12-13 20:11:05 +00:00			`private var packetId: [UInt8] = [0x56, 0x34, 0x12, 0x00]`

			`private var ad: [UInt8] = [0x00, 0x12, 0x34, 0x56]`

			`private lazy var flags: CryptoFlags = {`
			`return packetId.withUnsafeBufferPointer { iv in`
			`ad.withUnsafeBufferPointer { ad in`
			`CryptoFlags(iv: iv.baseAddress,`
			`ivLength: iv.count,`
			`ad: ad.baseAddress,`
			`adLength: ad.count,`
			`forTesting: true)`
			`}`
			`}`
			`}()`

Convert encryption tests to proper unit tests (#348) 2023-12-13 08:59:57 +00:00			`func test_givenDecrypted_whenEncryptWithoutCipher_thenEncodesWithHMAC() {`
			`let sut = CryptoCBC(cipherName: nil, digestName: "sha256")`
			`sut.configureEncryption(withCipherKey: nil, hmacKey: hmacKey)`

			`do {`
			`let returnedData = try sut.encryptData(plainData, flags: &flags)`
			`XCTAssertEqual(returnedData, plainHMACData)`
			`} catch {`
			`XCTFail("Cannot encrypt: \(error)")`
			`}`
			`}`

			`func test_givenDecrypted_whenEncryptWithCipher_thenEncryptsWithHMAC() {`
			`let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256")`
			`sut.configureEncryption(withCipherKey: cipherKey, hmacKey: hmacKey)`

			`do {`
			`let returnedData = try sut.encryptData(plainData, flags: &flags)`
			`XCTAssertEqual(returnedData, encryptedHMACData)`
			`} catch {`
			`XCTFail("Cannot encrypt: \(error)")`
			`}`
			`}`

			`func test_givenEncodedWithHMAC_thenDecodes() {`
			`let sut = CryptoCBC(cipherName: nil, digestName: "sha256")`
			`sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey)`

			`do {`
			`let returnedData = try sut.decryptData(plainHMACData, flags: &flags)`
			`XCTAssertEqual(returnedData, plainData)`
			`} catch {`
			`XCTFail("Cannot decrypt: \(error)")`
			`}`
			`}`

			`func test_givenEncryptedWithHMAC_thenDecrypts() {`
			`let sut = CryptoCBC(cipherName: "aes-128-cbc", digestName: "sha256")`
			`sut.configureDecryption(withCipherKey: cipherKey, hmacKey: hmacKey)`

			`do {`
			`let returnedData = try sut.decryptData(encryptedHMACData, flags: &flags)`
			`XCTAssertEqual(returnedData, plainData)`
			`} catch {`
			`XCTFail("Cannot decrypt: \(error)")`
			`}`
			`}`

			`func test_givenHMAC_thenVerifies() {`
			`let sut = CryptoCBC(cipherName: nil, digestName: "sha256")`
			`sut.configureDecryption(withCipherKey: nil, hmacKey: hmacKey)`

			`XCTAssertNoThrow(try sut.verifyData(plainHMACData, flags: &flags))`
			`XCTAssertNoThrow(try sut.verifyData(encryptedHMACData, flags: &flags))`
			`}`
			`}`