Add tests for ciphers

Author: whyoleg

build-logic/src/main/kotlin/ckbuild/tests/GenerateProviderTestsTask.kt

@@ -87,6 +87,7 @@ abstract class GenerateProviderTestsTask : DefaultTask() {
 
             "AesCbcTest",
             "AesCbcCompatibilityTest",
+            "AesCtrTest",
             "AesCtrCompatibilityTest",
             "AesEcbCompatibilityTest",
             "AesGcmTest",

cryptography-providers-tests-api/src/commonMain/kotlin/utils.kt

@@ -67,6 +67,9 @@ fun digest(name: String): CryptographyAlgorithmId<Digest> = when (name) {
 
 fun Buffer(bytes: ByteString): Buffer = Buffer().apply { write(bytes) }
 
+fun Buffer.bufferedSource(): Source = (this as RawSource).buffered()
+fun Buffer.bufferedSink(): Sink = (this as RawSink).buffered()
+
 expect fun disableJsConsoleDebug()
 
 // Wasm tests on browser cannot be filtered: https://youtrack.jetbrains.com/issue/KT-58291

cryptography-providers-tests/src/commonMain/kotlin/default/AesBasedTest.kt

@@ -7,11 +7,14 @@ package dev.whyoleg.cryptography.providers.tests.default
 import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.providers.tests.api.*
+import dev.whyoleg.cryptography.random.*
+import kotlinx.io.*
+import kotlinx.io.bytestring.*
 
 abstract class AesBasedTest<A : AES<*>>(
     private val algorithmId: CryptographyAlgorithmId<A>,
     provider: CryptographyProvider,
-) : ProviderTest(provider) {
+) : ProviderTest(provider), CipherTest {
 
     protected inner class AesTestScope(
         logger: TestLogger,
@@ -28,4 +31,40 @@ abstract class AesBasedTest<A : AES<*>>(
             block(AesTestScope(logger, context, provider, algorithm, keySize))
         }
     }
+
+    suspend fun AlgorithmTestScope<*>.assertCipherWithIvViaFunction(
+        encryptor: AES.IvEncryptor,
+        decryptor: AES.IvDecryptor,
+        ivSize: Int,
+        plaintext: ByteString,
+    ) {
+        val iv = ByteString(CryptographyRandom.nextBytes(ivSize))
+        listOf(
+            encryptor.resetIv(context).encryptWithIv(iv, plaintext),
+            encryptor.resetIv(context).encryptingSourceWithIv(iv, Buffer(plaintext).bufferedSource()).buffered()
+                .use { it.readByteString() },
+            Buffer().also { output ->
+                encryptor.resetIv(context).encryptingSinkWithIv(iv, output.bufferedSink()).buffered().use { it.write(plaintext) }
+            }.readByteString(),
+        ).forEach { ciphertext ->
+            assertContentEquals(plaintext, decryptor.decryptWithIv(iv, ciphertext))
+            assertContentEquals(
+                plaintext,
+                decryptor.decryptingSourceWithIv(iv, Buffer(ciphertext).bufferedSource()).buffered().use { it.readByteString() }
+            )
+            assertContentEquals(
+                plaintext,
+                Buffer().also { output ->
+                    decryptor.decryptingSinkWithIv(iv, output.bufferedSink()).buffered().use { it.write(ciphertext) }
+                }.readByteString()
+            )
+        }
+    }
+}
+
+// GCM mode on JDK has a check which tries to prevent reuse of the same IV with the same key.
+// we need to set random IV first to be able to reuse IV for different plaintext for the same key
+private suspend fun AES.IvEncryptor.resetIv(context: TestContext): AES.IvEncryptor {
+    if (context.provider.isJdk && this is AES.IvAuthenticatedEncryptor) encrypt(ByteString())
+    return this
 }

cryptography-providers-tests/src/commonMain/kotlin/default/AesCbcTest.kt

@@ -8,6 +8,7 @@ import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.providers.tests.api.*
 import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
 import kotlin.test.*
 
 private const val blockSize = 16
@@ -90,4 +91,26 @@ abstract class AesCbcTest(provider: CryptographyProvider) : AesBasedTest<AES.CBC
             assertNotEquals(data, it)
         }
     }
+
+    @Test
+    fun testFunctions() = runTestForEachKeySize {
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val cipher = key.cipher()
+        repeat(10) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertCipherViaFunction(cipher, cipher, data)
+        }
+    }
+
+    @Test
+    fun testFunctionsWithIv() = runTestForEachKeySize {
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val cipher = key.cipher()
+        repeat(10) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertCipherWithIvViaFunction(cipher, cipher, ivSize, data)
+        }
+    }
 }

cryptography-providers-tests/src/commonMain/kotlin/default/AesCtrTest.kt

@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.tests.default
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
+import kotlin.test.*
+
+private const val ivSize = 16
+
+abstract class AesCtrTest(provider: CryptographyProvider) : AesBasedTest<AES.CTR>(AES.CTR, provider) {
+    @Test
+    fun testFunctions() = runTestForEachKeySize {
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val cipher = key.cipher()
+        repeat(10) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertCipherViaFunction(cipher, cipher, data)
+        }
+    }
+
+    @Test
+    fun testFunctionsWithIv() = runTestForEachKeySize {
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val cipher = key.cipher()
+        repeat(10) {
+            val size = CryptographyRandom.nextInt(20000)
+            val data = ByteString(CryptographyRandom.nextBytes(size))
+            assertCipherWithIvViaFunction(cipher, cipher, ivSize, data)
+        }
+    }
+}

cryptography-providers-tests/src/commonMain/kotlin/default/AesGcmTest.kt

@@ -8,6 +8,7 @@ import dev.whyoleg.cryptography.*
 import dev.whyoleg.cryptography.BinarySize.Companion.bits
 import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
 import kotlin.test.*
 
 private const val ivSize = 12
@@ -51,4 +52,30 @@ abstract class AesGcmTest(provider: CryptographyProvider) : AesBasedTest<AES.GCM
 
         assertFails { wrongKey.cipher().decrypt(ciphertext) }
     }
+
+    @Test
+    fun testFunctions() = runTestForEachKeySize {
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        listOf(96, 104, 112, 120, 128).forEach { tagSizeBits ->
+            val cipher = key.cipher(tagSizeBits.bits)
+            repeat(10) {
+                val size = CryptographyRandom.nextInt(20000)
+                val data = ByteString(CryptographyRandom.nextBytes(size))
+                assertCipherViaFunction(cipher, cipher, data)
+            }
+        }
+    }
+
+    @Test
+    fun testFunctionsWithIv() = runTestForEachKeySize {
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        listOf(96, 104, 112, 120, 128).forEach { tagSizeBits ->
+            val cipher = key.cipher(tagSizeBits.bits)
+            repeat(10) {
+                val size = CryptographyRandom.nextInt(20000)
+                val data = ByteString(CryptographyRandom.nextBytes(size))
+                assertCipherWithIvViaFunction(cipher, cipher, ivSize, data)
+            }
+        }
+    }
 }

cryptography-providers-tests/src/commonMain/kotlin/default/CipherTest.kt

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.tests.default
+
+import dev.whyoleg.cryptography.operations.*
+import dev.whyoleg.cryptography.providers.tests.api.*
+import kotlinx.io.*
+import kotlinx.io.bytestring.*
+
+interface CipherTest {
+    suspend fun AlgorithmTestScope<*>.assertCipherViaFunction(
+        encryptor: Encryptor,
+        decryptor: Decryptor,
+        plaintext: ByteString,
+    ) {
+        listOf(
+            encryptor.encrypt(plaintext),
+            encryptor.encryptingSource(Buffer(plaintext).bufferedSource()).buffered().use { it.readByteString() },
+            Buffer().also { output ->
+                encryptor.encryptingSink(output.bufferedSink()).buffered().use { it.write(plaintext) }
+            }.readByteString(),
+        ).forEach { ciphertext ->
+            assertContentEquals(plaintext, decryptor.decrypt(ciphertext))
+            assertContentEquals(
+                plaintext,
+                decryptor.decryptingSource(Buffer(ciphertext).bufferedSource()).buffered().use { it.readByteString() }
+            )
+            assertContentEquals(
+                plaintext,
+                Buffer().also { output ->
+                    decryptor.decryptingSink(output.bufferedSink()).buffered().use { it.write(ciphertext) }
+                }.readByteString()
+            )
+        }
+    }
+}

cryptography-providers-tests/src/commonMain/kotlin/default/SignatureTest.kt

@@ -26,7 +26,7 @@ interface SignatureTest {
             }
         }
         val viaSource: UpdateFunction. () -> Unit = {
-            update((Buffer(data) as RawSource).buffered())
+            update(Buffer(data).bufferedSource())
         }
         val viaSink: UpdateFunction. () -> Unit = {
             updatingSink(discardingSink()).buffered().use { it.write(data) }