improve crypto test coverage

crypto/cert_compression_test.go

@@ -97,7 +97,7 @@ var _ = Describe("Cert compression", func() {
 		Expect(compressed).To(Equal(expected))
 	})
 
-	It("uses common certificates", func() {
+	It("uses common certificate sets", func() {
 		cert := certsets.CertSet1[42]
 		setHash := make([]byte, 8)
 		binary.LittleEndian.PutUint64(setHash, certsets.CertSet1Hash)
@@ -111,6 +111,25 @@ var _ = Describe("Cert compression", func() {
 		Expect(compressed).To(Equal(expected))
 	})
 
+	It("ignores uncommon certificate sets", func() {
+		cert := []byte{0xde, 0xca, 0xfb, 0xad}
+		setHash := make([]byte, 8)
+		binary.LittleEndian.PutUint64(setHash, 0xdeadbeef)
+		chain := [][]byte{cert}
+		compressed, err := compressChain(chain, setHash, nil)
+		Expect(err).ToNot(HaveOccurred())
+		certZlib := &bytes.Buffer{}
+		z, err := zlib.NewWriterLevelDict(certZlib, flate.BestCompression, certDictZlib)
+		Expect(err).ToNot(HaveOccurred())
+		z.Write([]byte{0x04, 0x00, 0x00, 0x00})
+		z.Write(cert)
+		z.Close()
+		Expect(compressed).To(Equal(append([]byte{
+			0x01, 0x00,
+			0x08, 0x00, 0x00, 0x00,
+		}, certZlib.Bytes()...)))
+	})
+
 	It("uses common certificates and compressed combined", func() {
 		cert1 := []byte{0xde, 0xca, 0xfb, 0xad}
 		cert2 := certsets.CertSet1[42]
@@ -133,4 +152,13 @@ var _ = Describe("Cert compression", func() {
 		expected = append(expected, certZlib.Bytes()...)
 		Expect(compressed).To(Equal(expected))
 	})
+
+	It("rejects invalid CCS / CCRT hashes", func() {
+		cert := []byte{0xde, 0xca, 0xfb, 0xad}
+		chain := [][]byte{cert}
+		_, err := compressChain(chain, []byte("foo"), nil)
+		Expect(err).To(MatchError("expected a multiple of 8 bytes for CCS / CCRT hashes"))
+		_, err = compressChain(chain, nil, []byte("foo"))
+		Expect(err).To(MatchError("expected a multiple of 8 bytes for CCS / CCRT hashes"))
+	})
 })

crypto/chacha20poly1305_aead_test.go

@@ -9,14 +9,15 @@ import (
 
 var _ = Describe("Chacha20poly1305", func() {
 	var (
-		alice, bob AEAD
+		alice, bob                       AEAD
+		keyAlice, keyBob, ivAlice, ivBob []byte
 	)
 
 	BeforeEach(func() {
-		keyAlice := make([]byte, 32)
-		keyBob := make([]byte, 32)
-		ivAlice := make([]byte, 4)
-		ivBob := make([]byte, 4)
+		keyAlice = make([]byte, 32)
+		keyBob = make([]byte, 32)
+		ivAlice = make([]byte, 4)
+		ivBob = make([]byte, 4)
 		rand.Reader.Read(keyAlice)
 		rand.Reader.Read(keyBob)
 		rand.Reader.Read(ivAlice)
@@ -47,4 +48,21 @@ var _ = Describe("Chacha20poly1305", func() {
 		_, err := bob.Open(42, []byte("aad2"), b)
 		Expect(err).To(HaveOccurred())
 	})
+
+	It("rejects wrong key and iv sizes", func() {
+		var err error
+		e := "chacha20poly1305: expected 32-byte keys and 4-byte IVs"
+		_, err = NewAEADChacha20Poly1305(keyBob[1:], keyAlice, ivBob, ivAlice)
+		Expect(err).To(MatchError(e))
+		_, err = NewAEADChacha20Poly1305(keyBob, keyAlice[1:], ivBob, ivAlice)
+		Expect(err).To(MatchError(e))
+		_, err = NewAEADChacha20Poly1305(keyBob, keyAlice, ivBob[1:], ivAlice)
+		Expect(err).To(MatchError(e))
+		_, err = NewAEADChacha20Poly1305(keyBob, keyAlice, ivBob, ivAlice[1:])
+		Expect(err).To(MatchError(e))
+	})
+
+	It("has nil diversification nonce", func() {
+		Expect(alice.DiversificationNonce()).To(BeEmpty())
+	})
 })

crypto/curve_25519_test.go

@@ -17,4 +17,11 @@ var _ = Describe("ProofRsa", func() {
 		Expect(err).ToNot(HaveOccurred())
 		Expect(sA).To(Equal(sB))
 	})
+
+	It("rejects short public keys", func() {
+		a, err := NewCurve25519KEX()
+		Expect(err).ToNot(HaveOccurred())
+		_, err = a.CalculateSharedKey(nil)
+		Expect(err).To(MatchError("Curve25519: expected public key of 32 byte"))
+	})
 })

crypto/null_aead.go

@@ -14,7 +14,7 @@ type NullAEAD struct{}
 var _ AEAD = &NullAEAD{}
 
 // Open and verify the ciphertext
-func (*NullAEAD) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error) {
+func (NullAEAD) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error) {
 	if len(ciphertext) < 12 {
 		return nil, errors.New("NullAEAD: ciphertext cannot be less than 12 bytes long")
 	}
@@ -34,7 +34,7 @@ func (*NullAEAD) Open(packetNumber protocol.PacketNumber, associatedData []byte,
 }
 
 // Seal writes hash and ciphertext to the buffer
-func (*NullAEAD) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte {
+func (NullAEAD) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte {
 	res := make([]byte, 12+len(plaintext))
 
 	hash := fnv128a.New()

crypto/null_aead_test.go

@@ -33,4 +33,13 @@ var _ = Describe("Crypto/NullAEAD", func() {
 		aead := &NullAEAD{}
 		Expect(aead.Seal(0, aad, plainText)).To(Equal(append([]byte{0x98, 0x9b, 0x33, 0x3f, 0xe8, 0xde, 0x32, 0x5c, 0xa6, 0x7f, 0x9c, 0xf7}, []byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood.")...)))
 	})
+
+	It("rejects short ciphertexts", func() {
+		_, err := NullAEAD{}.Open(0, nil, nil)
+		Expect(err).To(MatchError("NullAEAD: ciphertext cannot be less than 12 bytes long"))
+	})
+
+	It("has nil diversification nonce", func() {
+		Expect(NullAEAD{}.DiversificationNonce()).To(BeEmpty())
+	})
 })

crypto/source_address_token.go

@@ -41,7 +41,7 @@ func (t *sourceAddressToken) serialize() []byte {
 
 func parseToken(data []byte) (*sourceAddressToken, error) {
 	if len(data) != 8+4 && len(data) != 8+16 {
-		return nil, fmt.Errorf("invalid STK length %d", len(data))
+		return nil, fmt.Errorf("invalid STK length: %d", len(data))
 	}
 	return &sourceAddressToken{
 		ip:        data[8:],

crypto/source_address_token_test.go

@@ -33,6 +33,11 @@ var _ = Describe("Source Address Tokens", func() {
 			Expect(token.ip).To(Equal(net.IP{127, 0, 0, 1}))
 			Expect(token.timestamp).To(Equal(uint64(0xdeadbeef)))
 		})
+
+		It("rejects tokens of wrong size", func() {
+			_, err := parseToken(nil)
+			Expect(err).To(MatchError("invalid STK length: 0"))
+		})
 	})
 
 	Context("source", func() {